[Honeywall] Questions about the statistic data in Walleye

Earl esammons at hush.com
Sun Dec 9 13:58:35 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can talk tot he "time" part....

roo is set to GMT by default which seems to make more sense than
any other timezone.

If you want local time I believe this still applies:
http://www.honeynet.org/tools/cdrom/roo/manual/txt/clock.txt

I'm not sure about the rest of your questions.  Hopefully someone
else can chime in.

Earl

On Sun, 09 Dec 2007 09:11:22 -0500 Xu nanxuan
<mybayern1974 at hotmail.com> wrote:
>I've some question on these data:
>
>1. After 24 hours of running roo, why is the time span in the up-
>right corner of the interface much less than 24? (this number of
>my latest experiment is 13)?
>And why is the time displayed the walleye not synchronous to the
>real world time?
>
>2. In the front page of the interface, I can see records like:
>Top 10 honeypots
>Host         Conns     IDSs
>X.X.X.X    nConn      nIDS
>Which range does the "nConn" and "nIDS" belong to? In the past 24
>hours? Or in some other ranges?
>
>3. This question may be similar to the 1st question. I can see
>from the interface that there are X connections involving A.B.C.D
>in the date of "Nov Dth". I'm suspicious to the "X" data. Is it
>the real number of the whole day (I mean the 24 hours) of "Nov
>Dth"? After all, the time displayed in Walleye is not the same as
>that in the real world, including both time point and time
>periods.
>
>Thanks!
>_________________________________________________________________
>Explore the seven wonders of the world
>http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-
>US&form=QBRE
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wkYEARECAAYFAkdcOpAACgkQk7+e+4lPSm2zMgCfXtBEm/JCYw+5ekwFG32Eo+mHYRIA
oLSee1ZbYIh1N7CD3aO5TRPWh6mX
=hgh1
-----END PGP SIGNATURE-----




More information about the Honeywall mailing list