PT31 / honeyd

Automatically exported from code.google.com/p/honeyd

Honeyd syslog bottlenecks #15

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Run honeyd with the -d flag
2. or comment out setlogmask(LOG_UPTO(LOG_INFO));
3. Run honeyd
4. Generate a lot of traffic, ex: nmap -r -p1-65535 honeypot

This will send over 65535 syslog messages to syslog.

What is the expected output? What do you see instead?

A complete scan of the honeypot will take a few minutes, as opposed to a
few seconds, as is the result for a real machine.

I've logged to syslog using both syslog and rsyslog; neither is taxed by
the load honeyd is putting on it. Average syslog message generation was
around 1000 messages a second, with honeyd being the limiting factor.

What version of the product are you using? On what operating system?

honeyd 1.5c linux

Please provide any additional information below.

Original issue reported on code.google.com by wireless...@gmail.com on 23 Oct 2009 at 7:21

GoogleCodeExporter commented 9 years ago
Can you tell me how you are sending the events from Honeyd to a syslog server?
I can't find any documentation on how to do this and I am a bit of a newbie to
Honeyd.

jlawre23 |at| gmail dot com

Original comment by jlawr...@gmail.com on 17 Sep 2010 at 7:17