Honeyd-Viz

Honeyd-Viz is a full-featured script to visualize statistics from a honeyd honeypot.

It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux, QGoogleVisualizationAPI PHP Wrapper for Google’s Visualization API by Thomas Schäfer, RedBeanPHP library by Gabor de Mooij and geoPlugin’s geolocation technology (geoplugin.com).

Honeyd-Viz currently shows 20 charts. Geolocation data is also extracted and displayed with Google visualization technology using a Google Map, an Intensity Map, etc.

If you need to test Honeyd-Viz, go to any of the following ecommerce pages which have the HoneyDrive honeypot installed on them:

DOWNLOAD Honeyd-Viz:

Please also take a look at the README.txt file inside the package.

REQUIREMENTS:

  1. A MySQL database must have been set up and populated using the Honeyd2MySQL script.
  2. PHP version 5.3.4 or higher.
  3. The following packages: libapache2-mod-php5, php5-mysql, php5-gd

On Ubuntu/Debian:

apt-get update && apt-get install -y libapache2-mod-php5 php5-mysql php5-gd
/etc/init.d/apache2 restart

QUICK INSTALLATION:

wget http://bruteforce.gr/wp-content/uploads/honeyd-viz-VERSION.tar
mv honeyd-viz-VERSION.tar /var/www
cd /var/www
tar xvf honeyd-viz-VERSION.tar --no-same-permissions
cd honeyd-viz
chmod 777 generated-graphs
cp config.php.dist config.php
nano config.php #enter the appropriate values

Browse to http://your-server/honeyd-viz to generate the statistics.
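
A post-install check for the steps above, as an added example that is not part of Honeyd-Viz: it reports world-writable paths other than generated-graphs (which the steps deliberately chmod 777) and any PHP or .htaccess files that have appeared inside that directory. The function names are hypothetical, and it assumes generated-graphs is meant to hold only generated chart images.

```sh
#!/bin/sh
# Added example, not part of Honeyd-Viz. Function names are hypothetical.

# World-writable paths under the install root, skipping generated-graphs,
# which the installation steps deliberately make world-writable (chmod 777).
world_writable_outside_graphs() {
    root=${1%/}
    find "$root" -path "$root/generated-graphs" -prune -o \
        ! -type l -perm -0002 -print
}

# Files that could run or alter server behaviour inside the writable directory.
# Assumption: generated-graphs should hold only generated chart images.
scripts_in_graphs() {
    root=${1%/}
    [ -d "$root/generated-graphs" ] || return 0
    find "$root/generated-graphs" -type f \
        \( -name '*.php*' -o -name '*.phtml' -o -name '.htaccess' \) -print
}

# Print findings; return 0 when clean, 1 when anything was reported.
audit_install() {
    findings=$(
        world_writable_outside_graphs "$1" | sed 's/^/world-writable: /'
        scripts_in_graphs "$1" | sed 's/^/script in writable dir: /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /var/www/honeyd-viz
if [ "$#" -gt 0 ]; then
    audit_install "$1"
fi
```

A non-zero exit status makes the check easy to run from cron on the honeypot host after each upgrade.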

PREVIOUS VERSIONS:

You can download version 0.1 here: honeyd-viz-0.1

CHANGES:

Version 0.2:
+ Cleaned honeyd-viz-generator.php.
+ Added most connections per day chart.
+ Tested on article about gout compression.
+ Added connections per day chart.
+ Added connections per week chart.

Version 0.1:
+ Initial version.

SCREENSHOTS:


  • Sol

    Can’t seem to get Exclusions to work. Added ‘224.%’, but it still shows up in graphs. Any suggestions?

    • Ion

      Hello Sol, thanks for trying the script and giving feedback! For the time being, I have applied the exclusion only to the Honeyd-Geo component. This is mainly because honeyd logs network packets inside a LAN and then geolocation doesn’t work due to local IPs. But otherwise they are shown in the charts. Removing the excluded IPs from all the components is in the TODO list though 🙂

  • sanaz ashnin

    How could you help me solve part 1?

    How can I populate Honeyd2MySQL script on mysql?

    Thanks

    • Nicolas

      First make sure you already have a database created. Then, in the directory where you saved your perl script file (already configured), do this: #perl honeyd2mysql.pl

  • JB

    Hi - I wonder if you might be able to help with honeyd-viz.

    I have got honeyd running, and successfully imported my logfile to mysql using your script. (Thanks!)

    I have followed your instructions to get honeyd-viz set up, and all seemed to go well.

    When I hit the URL, I got the homepage, along with the link informing me to manually generate the graphs.

    When I clicked that link, it just printed the contents of my config.php in the browser window.

    Any suggestions please?

    Thanks!
