The ELK stack (Elasticsearch, Logstash and Kibana) is an ideal solution for a search and analytics platform on honeypot data.

See for a detailed overview.

Use the patch from dionaea/ to keep track of changes in the sqlite database. Make sure you also alter the sqlite database to add the column:

sqlite> alter table connections add column id integer;
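As an added example (not from the original page and not dionaea's own code), the script below uses the new id column as a high-water mark to pull only rows inserted since the last pass and emit them as JSON lines for Logstash; the table columns, the sample rows and the way the checkpoint is stored are constructed assumptions.

```python
# Added example: incremental export of new rows from a dionaea-style sqlite
# "connections" table, using the extra "id" column the page adds as a
# high-water mark. The table below is a constructed subset of dionaea's schema
# and the id values are filled in by hand to stand in for what the patch does.
import json
import sqlite3

def make_sample_db():
    """Constructed in-memory database standing in for dionaea's logsql.sqlite."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE connections (
        connection INTEGER PRIMARY KEY, connection_type TEXT,
        connection_transport TEXT, connection_protocol TEXT,
        connection_timestamp INTEGER, local_host TEXT, local_port INTEGER,
        remote_host TEXT, remote_port INTEGER)""")
    db.execute("ALTER TABLE connections ADD COLUMN id INTEGER")  # the page's step
    rows = [  # constructed sample connections, RFC 5737 documentation addresses
        (1, "accept", "tcp", "smbd", 1439200000, "10.0.0.5", 445, "203.0.113.7", 51342, 1),
        (2, "accept", "tcp", "httpd", 1439200010, "10.0.0.5", 80, "198.51.100.9", 40101, 2),
        (3, "accept", "tcp", "mssqld", 1439200020, "10.0.0.5", 1433, "203.0.113.7", 51350, 3),
    ]
    db.executemany("INSERT INTO connections VALUES (?,?,?,?,?,?,?,?,?,?)", rows)
    return db

def fetch_new_connections(db, last_id):
    """Return (docs, new_last_id) for rows with id > last_id, oldest first.
    Rows written before the patch have id NULL and are deliberately skipped:
    there is no stable watermark for them, so they would be re-read forever."""
    cur = db.execute(
        "SELECT id, connection_type, connection_transport, connection_protocol, "
        "connection_timestamp, local_host, local_port, remote_host, remote_port "
        "FROM connections WHERE id IS NOT NULL AND id > ? ORDER BY id", (last_id,))
    docs = []
    for row in cur:
        docs.append({"id": row[0], "type": row[1], "transport": row[2], "protocol": row[3],
                     "@timestamp": row[4], "local_host": row[5], "local_port": row[6],
                     "remote_host": row[7], "remote_port": row[8]})
    new_last = docs[-1]["id"] if docs else last_id  # checkpoint only advances on data
    return docs, new_last

def export_jsonl(db, last_id):
    """One polling pass: JSON lines ready for a Logstash stdin or file input."""
    docs, last_id = fetch_new_connections(db, last_id)
    return "\n".join(json.dumps(d, sort_keys=True) for d in docs), last_id
```

Persist the returned checkpoint between runs (a small file is enough) so a restart resumes at the last exported id instead of re-indexing the whole table.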


ELK basic Setup

mkdir /data
cd /data
wget
tar zxvf elasticsearch-1.7.1.tar.gz
ln -s elasticsearch-1.7.1 elasticsearch
wget
tar zxvf logstash-1.5.3.tar.gz
ln -s logstash-1.5.3 logstash

