
  PHARM - Documentation : neplog_player.pl  

I have included a simple Perl script called "neplog_player.pl" in the pharm install package.
With this utility you can REPLAY your old log data for your pharm clients.

neplog_player.pl depends on the Perl module "FileHandle". Please install this from CPAN prior to running.

Running neplog_player.pl to replay your old nepenthes.log file

Let's say I want to replay my old nepenthes.log files so that the PHARM server has that old data.
On the honeypot with the old data, I would do the following:

shell#> grep "Accepted" /var/log/nepenthes.log > /var/log/nep_new.log

** This greps for lines that contain "Accepted" in the nepenthes.log file and saves them to the /var/log/nep_new.log file.

Now all I have to do is run neplog_player.pl to play the nep_new.log file and write back to the /var/log/nepenthes.log file while pharm clients are running. ** Make sure pharm clients are running on the machine prior to replaying the logs.

shell#/usr/local/pharm/> neplog_player.pl /var/log/nep_new.log /var/log/nepenthes.log 1

Running neplog_player.pl to replay your old logged_submissions file

shell#/usr/local/pharm/> cp /var/log/nepenthes/logged_submissions /var/log/nepenthes/old_submissions
shell#/usr/local/pharm/> neplog_player.pl /var/log/nepenthes/old_submissions /var/log/nepenthes/logged_submissions

neplog_player.pl takes 3 arguments: the 1st is the log file to replay, the 2nd is where to write the log file to, and the 3rd is the number of seconds to pause between each line read.
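
A dry run of the replay steps above on scratch files, as an added example that is not part of the pharm package. replay_lines is a hypothetical stand-in for neplog_player.pl and assumes the tool appends each line to the target file and pauses between lines; the log lines are constructed.

```shell
#!/bin/sh
# Added example: rehearse the replay on scratch files before touching live logs.
# replay_lines is a hypothetical stand-in for neplog_player.pl. ASSUMPTION: the
# real tool appends each source line to the target and sleeps between lines.

# Usage: replay_lines SOURCE TARGET [PAUSE_SECONDS]; prints the number of lines written.
replay_lines() {
    src=$1; dst=$2; pause=${3:-0}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Appending a file to itself would never reach end-of-file.
    if [ "$src" = "$dst" ]; then
        echo "source and target must differ" >&2; return 1
    fi
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" >> "$dst"
        n=$((n + 1))
        if [ "$pause" -gt 0 ]; then sleep "$pause"; fi
    done < "$src"
    echo "$n"
}

# Runs the documented steps in a temp directory; prints "<replayed> <lines in target>".
rehearse() {
    work=$(mktemp -d) || return 1
    # Constructed sample lines; real nepenthes.log formatting may differ.
    cat > "$work/nepenthes.log" <<'EOF'
[01012009 10:00:01 info net] Accepted Connection Socket TCP (accept) 198.51.100.7:4302 -> 192.0.2.10:445
[01012009 10:00:02 debug handler] Socket closed
[01012009 10:00:09 info net] Accepted Connection Socket TCP (accept) 203.0.113.9:1181 -> 192.0.2.10:135
EOF
    : > "$work/live.log"   # stands in for the log file a pharm client is watching
    # Step 1 from the page: keep only the "Accepted" lines.
    grep "Accepted" "$work/nepenthes.log" > "$work/nep_new.log"
    # Step 2: replay the filtered file into the watched log (0 second pause here).
    count=$(replay_lines "$work/nep_new.log" "$work/live.log" 0) || return 1
    live=$(wc -l < "$work/live.log" | tr -d ' ')
    rm -rf "$work"
    echo "$count $live"
}

rehearse
```
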

Copyright 2009 - Nepenthespharm.com - Parvinder Bhasin
All rights reserved.