LinuxQuestions.org
Old 03-08-2015, 01:35 AM   #1
Naaren82
LQ Newbie
 
Registered: Feb 2015
Posts: 10

Rep: Reputation: Disabled
I cannot find my honeyd logs in kali linux


Hey there.
And again, I got stuck in this problem.
I could not find honeyd logs in var/logs/honeypot/
There isn't any file.

I ran honeyd with "honeyd -d -f honeyd.conf".
It works in the terminal, but there aren't any logs at all.

root@kali:/etc/honeypot# honeyd -d -f honeyd.conf
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[6952]: started with -d -f honeyd.conf
honeyd[6952]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 98:4b:e1:94:62:46
honeyd[6952]: [eth0] trying DHCP
honeyd[6952]: Demoting process privileges to uid 65534, gid 65534
honeyd[6952]: [eth0] got DHCP offer: 192.168.23.3
honeyd[6952]: Updating ARP binding: 00:00:24:8b:83:c3 -> 192.168.23.3
honeyd[6952]: arp reply 192.168.23.3 is-at 00:00:24:8b:83:c3
honeyd[6952]: Sending ICMP Echo Reply: 192.168.23.3 -> 110.44.116.18


After some research, I came to know that I should include "-l" to create logs,
but it showed me only this.

root@kali:/etc/honeypot# honeyd -l -d -f honeyd.conf
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[6960]: started with -l -d -f honeyd.conf
honeyd[6960]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 98:4b:e1:94:62:46
honeyd[6960]: [eth0] trying DHCP
Honeyd starting as background process
root@kali:/etc/honeypot#


So what could be the issue? Urgent help needed.
Thanks in advance.
P.S. I am a Linux newbie.
 
Old 03-08-2015, 11:06 AM   #2
Kgeil
LQ Newbie
 
Registered: Mar 2014
Posts: 27

Rep: Reputation: Disabled
check syslog

I'm not familiar with honeyd, but the logs are probably just going to /var/log/syslog. Invoke tail -f /var/log/syslog to check. If it's a busy machine, you might need to invoke tail -f /var/log/syslog | grep honey but if the honeyd logs don't contain the word honey, you won't find anything, so just check without grep first.

If so, you'll need to filter your syslog to go to wherever you want by creating a file in /etc/rsyslog.d. Google "rsyslog filtering", and you should have plenty of advice there.

Also, if /var/log/honeypot doesn't exist, you may need to create the file.

Good luck,

Kevin

Last edited by Kgeil; 03-08-2015 at 11:10 AM.
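
The syslog check and rsyslog filtering suggested in the post above, as an added example that is not part of the original thread: it picks out lines tagged `honeyd[PID]:` and generates a drop-in that copies them to a file under /var/log/honeypot. It assumes honeyd's syslog messages carry the same `honeyd` tag seen in the terminal output; the file names `30-honeyd.conf` and `honeyd-syslog.log` are made up for the example.

```sh
#!/bin/sh
# Added example; the syslog lines below are constructed, in the
# "honeyd[PID]:" format that honeyd prints in this thread.

# Print only the lines whose syslog tag is honeyd[PID]:. This is stricter
# than "grep honey", which also matches unrelated lines mentioning the word.
honeyd_lines() {
    grep -E '(^|[[:space:]])honeyd\[[0-9]+\]:' "$1"
}

# Write an rsyslog drop-in into directory $1 that copies every message whose
# program name is "honeyd" into file $2, and print the drop-in's path.
# The file name 30-honeyd.conf is an arbitrary choice for this example.
write_dropin() {
    dropin="$1/30-honeyd.conf"
    printf ':programname, isequal, "honeyd" %s\n' "$2" > "$dropin"
    printf '%s\n' "$dropin"
}

# Demo in a scratch directory so nothing under /etc is touched.
demo() {
    work=$(mktemp -d)
    cat > "$work/syslog" <<'EOF'
Mar  8 01:40:01 kali CRON[6950]: (root) CMD (run-parts /etc/cron.hourly)
Mar  8 01:40:07 kali honeyd[6960]: started with -f honeyd.conf
Mar  8 01:40:08 kali honeyd[6960]: [eth0] got DHCP offer: 192.168.23.3
Mar  8 01:40:09 kali ntpd[2101]: honey-net peer unreachable
EOF
    echo "honeyd lines found in sample syslog:"
    honeyd_lines "$work/syslog"
    echo "drop-in that would go in /etc/rsyslog.d:"
    cat "$(write_dropin "$work" /var/log/honeypot/honeyd-syslog.log)"
    rm -rf "$work"
}

demo
```

On a real system the drop-in belongs in /etc/rsyslog.d and rsyslog must be restarted to load it. This only captures what honeyd sends to syslog; honeyd's own packet log comes from `-l`, which takes the log file path as its argument (for example `-l /var/log/honeypot/honeyd.log`, a path chosen here for illustration).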
 
Old 03-16-2015, 05:22 AM   #4
Naaren82
LQ Newbie
 
Registered: Feb 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Kgeil View Post
I'm not familiar with honeyd, but the logs are probably just going to /var/log/syslog. Invoke tail -f /var/log/syslog to check. If it's a busy machine, you might need to invoke tail -f /var/log/syslog | grep honey but if the honeyd logs don't contain the word honey, you won't find anything, so just check without grep first.
My apologies for the sloth in the reply.
However, there wasn't anything I wished to see inside the syslog. Indeed, I came to know that honeyd possesses its own log. So, I think there is no link between the syslog and honeyd logs. Please correct me if I am wrong (since I am a newbie).

Quote:
Originally Posted by Kgeil View Post
If so, you'll need to filter your syslog to go to wherever you want by creating a file in /etc/rsyslog.d. Google "rsyslog filtering", and you should have plenty of advice there.
I think I should also try this stuff because I think it will help me for redundancy purposes.

Quote:
Originally Posted by Kgeil View Post
Also, if /var/log/honeypot doesn't exist, you may need to create the file.
var/log/honeypot does exist, but the logs inside that folder, which should exist, aren't there.


Thanks for your reply.
Will post if I manage to get help from rsyslog.
 
  

