[Honeywall] #43: Time problem in Walleye

Honeywall honeywall-trac at projects.honeynet.org
Sat Dec 26 18:38:31 EST 2009


#43: Time problem in Walleye
----------------------+-----------------------------------------------------
  Reporter:  bjou     |       Owner:  rob at honeynet.org     
      Type:  defect   |      Status:  new                  
  Priority:  minor    |   Milestone:  roo-1.4              
 Component:  Walleye  |     Version:  1.4b3                
Resolution:           |    Keywords:  time walleye timezone
----------------------+-----------------------------------------------------
Comment (by breusshe):

 Replying to [ticket:43 bjou]:

 Ok, I figured out the time thing completely.  All time references in my
 Honeywall and Walleye are now accurate.  Here is what I did:

 First off, you'll be editing the following files:

 {{{
 /var/www/html/walleye:
     walleye.pl
     sum_graph.pl

 /usr/lib/perl5/site_perl/5.8.8/Walleye:
     Admin.pm
     Aggregate_flow.pm
     Connection_table.pm
     Host.pm
     Process.pm
     Process_tree.pm
 }}}

 To do the edit, you need to run a series of '''vi''' commands:

 1.)  '''cd''' to the '''/var/www/html/walleye''' directory.[[BR]]

 2.)  Type the following command:

 {{{
 vi +%s/gmtime/localtime/g +%s/timegm/timelocal/g walleye.pl
 }}}
     ***NOTE:  This will start '''vi''' and run the two search and replace
 items (the text after each of the plus ('+') signs) as '''walleye.pl'''
 loads.  You must wait for two messages to appear.  Each message relates to
 the two search and replaces being done.  The first message will have in
 it:
 {{{
 Pattern not found:
 }}}
     The other will have:
 {{{
 x substitutions on y lines
 }}}
     where 'x' and 'y' are numbers.  You might see only one of these
 messages twice, or each of these messages once.  It depends on whether or
 not the string being replaced exists in the file.

 3.)  Once the search and replace is completed, you'll see:
 {{{
 Press ENTER or type command to continue
 }}}
 Just press '''Enter''' and '''vi''' will finish opening the file.
     ***NOTE:  Ignore any messages about changing a read-only file.  The
 next step tells you how to save a read-only file in '''vi'''.

 4.)  Type:
 {{{
 :wq!
 }}}
     ***NOTE:  This will save and exit '''vi'''.

 5.)  Repeat Step 2 replacing '''walleye.pl''' with '''sum_graph.pl'''.

 6.)  '''cd''' to '''/usr/lib/perl5/site_perl/5.8.8/Walleye''' and repeat
 Steps 2 - 5 using the filenames for this folder listed at the start of
 this post.

 7.)  Refresh or start up Walleye in your browser.  You'll notice that all
 the times now use the timezone configured for your server.

     ***NOTE:  If the time is still wrong, check the time in Walleye (found
 in the upper-right corner, in the header, once you log in).  Make sure the
 timezone listed there is correct.  If not, you need to adjust your
 timezone per the link in kwortman's earlier post (found in Clock.txt).

 That should straighten y'all out.  Just keep in mind one thing: I think
 the developers intended this behavior.  I think the reason the code is set
 to GMT like this is so that organizations using multiple Honeypots in
 different geographical areas would have statistics that matched up to each
 other.  So, if you have a site in London and another in Bangkok, you might
 not want to make these changes since it might make it harder to determine
 when troublesome network traffic was bothering the two separate sites (due
 to the different timezones).

 Perhaps a developer could weigh in on this to confirm or deny my
 suspicions????

-- 
Ticket URL: <https://projects.honeynet.org/honeywall/ticket/43#comment:4>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site
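
The procedure in steps 1 to 6 above, as an added shell example that is not part of the original post or of the Honeywall project: it applies the same two substitutions to the files the post lists and keeps a copy of each changed file, so the GMT timestamps can be restored if multi-site correlation matters. The function names and the `.gmt-orig` suffix are assumptions; pass the two directories named in the post as arguments.

```sh
#!/bin/sh
# Added example, not Honeywall code: the two substitutions from step 2,
# applied without vi, with a backup so the GMT behaviour can be restored.
# Function names and the .gmt-orig suffix are assumptions of this sketch.

WEB_FILES="walleye.pl sum_graph.pl"
LIB_FILES="Admin.pm Aggregate_flow.pm Connection_table.pm Host.pm Process.pm Process_tree.pm"

# Print how many lines of FILE still call a GMT-based time function.
gmt_lines() {
    grep -c -e 'gmtime' -e 'timegm' "$1" || true
}

# Patch one file in place; FILE.gmt-orig keeps the first untouched copy.
patch_file() {
    f="$1"
    [ -f "$f" ] || { echo "skip (missing): $f" >&2; return 0; }
    n=$(gmt_lines "$f")
    if [ "$n" -eq 0 ]; then echo "$f: nothing to change"; return 0; fi
    [ -e "$f.gmt-orig" ] || cp -p "$f" "$f.gmt-orig" || return 1
    # Same patterns, in the same order, as the vi command in the post.
    sed -e 's/gmtime/localtime/g' -e 's/timegm/timelocal/g' "$f" > "$f.new" || return 1
    # cat into the existing file keeps its owner and mode.
    cat "$f.new" > "$f" || return 1
    rm -f "$f.new"
    echo "$f: $n lines changed"
}

# patch_walleye WEB_DIR LIB_DIR: the two directories listed in the post.
patch_walleye() {
    for name in $WEB_FILES; do patch_file "$1/$name" || return 1; done
    for name in $LIB_FILES; do patch_file "$2/$name" || return 1; done
}

# restore_walleye DIR...: copy every backup over its patched file.
restore_walleye() {
    for d in "$@"; do
        for b in "$d"/*.gmt-orig; do
            [ -e "$b" ] && cat "$b" > "${b%.gmt-orig}"
        done
    done
    return 0
}

# Run only when called with both directories as arguments.
if [ "$#" -eq 2 ]; then patch_walleye "$1" "$2"; fi
```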