Reducing Honeypot Log Storage Capacity Consumption -- Cron Job with Perl-Script Approach
Iman Hazwam Abd Halim, Nur Muhammad Irfan Abu Hassan, Tajul Rosli Razak, Muhammad Nabil Fikri Jamaluddin, Mohammad Hafiz Ismail

TL;DR
This paper presents a method using Cron jobs and Perl scripts to periodically parse and store honeypot logs into a database, significantly reducing log size and improving system performance during heavy DDoS attacks.
Contribution
It introduces a novel automated approach combining Cron jobs and Perl scripts to efficiently manage and reduce honeypot log storage during high traffic events.
Findings
Log size significantly reduced with the approach
Disk space usage decreased during DDoS simulations
Parsing speed improved, enhancing overall system performance
Abstract
A honeypot is a decoy computer system that is used to attract and monitor hackers' activities in the network. The honeypot aims to collect information from the hackers in order to create a more secure system. However, the log file generated by the honeypot can grow very large when heavy traffic occurs in the system, such as a Distributed Denial of Service (DDoS) attack. The DDoS poses difficulty when it is being processed and analyzed by the network administrator, as it requires a lot of time and resources. Therefore, in this paper, we propose an approach to decrease the log size by using a Cron job that runs a Perl script. This approach parses the collected data into the database periodically to decrease the log size. Three DDoS attack cases were conducted in this study to show the increase in the log size by sending a different number of packets per second for 8 hours…
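As an added illustration of the approach the abstract describes (this is not the paper's own script): a Perl job meant to be run from cron that aggregates honeypot log lines into a database and truncates the log only after the commit succeeds. The log format, table schema, crontab line and the use of DBI with DBD::SQLite are assumptions, and the sample log is constructed.

```perl
#!/usr/bin/perl
# Added example, not the paper's script. Assumed crontab entry (hypothetical path):
#   */10 * * * * /usr/local/bin/honeypot_log_to_db.pl
use strict;
use warnings;
use DBI;                      # assumes DBD::SQLite is installed
use Fcntl qw(:flock);
use File::Temp qw(tempfile);

# Constructed sample log in an assumed "timestamp src dport proto" format.
my ($tmp, $log_path) = tempfile(UNLINK => 1);
print {$tmp} "2019-03-01T12:00:01 198.51.100.7 23 tcp\n" for 1 .. 1000;
print {$tmp} "2019-03-01T12:00:02 203.0.113.9 80 tcp\n";
print {$tmp} "not a valid record\n";
close $tmp;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE hits (minute TEXT, src TEXT, dport INTEGER, proto TEXT, n INTEGER)');

# Advisory lock held from read through truncate. It only prevents lost lines
# if the log writer also takes the lock; the writer should open in append mode.
open(my $log, '+<', $log_path) or die "open $log_path: $!";
flock($log, LOCK_EX) or die "flock: $!";

my %count;
my $skipped = 0;
while (my $line = <$log>) {
    # Strict pattern: a line that does not match is counted, never stored.
    if ($line =~ /^(\d{4}-\d\d-\d\dT\d\d:\d\d):\d\d (\d{1,3}(?:\.\d{1,3}){3}) (\d{1,5}) (tcp|udp|icmp)$/) {
        $count{join "\t", $1, $2, $3, $4}++;    # one row per minute/src/port/proto
    } else {
        $skipped++;
    }
}

# One transaction with bound parameters: log content is attacker-controlled.
$dbh->begin_work;
my $ins = $dbh->prepare('INSERT INTO hits VALUES (?, ?, ?, ?, ?)');
$ins->execute(split(/\t/, $_), $count{$_}) for keys %count;
$dbh->commit;

# Truncate only after the commit; RaiseError aborts the run before this on failure.
truncate($log, 0) or die "truncate: $!";
close $log;

my ($rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM hits');
printf "stored %d aggregated rows, skipped %d, log is now %d bytes\n",
       $rows, $skipped, (-s $log_path) || 0;
```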
