Connecting SecurityOnion 2.3.130 to dshield Honeypot via SSH? #8192
I just downloaded the ISO, and before I begin installing Security Onion, I was wondering if you all could give me some advice. What I would like to do is be able to pull the logs from a dshield honeypot connected via <SSH username@IP>. If this is the only item I want to connect it to, would I be better with a standalone or distributed solution? I thought about exploring the IDH, but wasn't sure that was the best route based on the documentation. Ultimately I need to SSH into the sensor to pull the logs. Is there a way to do that? Thanks for the help!
Replies: 1 comment
The IDH node is the best route for now, as it is the supported option and easy to set up OOB. Alternatively, you could use either syslog or Filebeat to forward honeypot logs from another machine to Security Onion.