By definition, every connection to a honeypot should be an attack. So setting up an IDS like Surikata isn't needed. Just something to collect the data. We do have a "Raspberry Pi" honeypot, that will setup some servers and then report data to our system for aggregation. It should work in an Ubuntu VPS with minor fixes (and please let me know what you need to change) ;-) See… Anonymous

ISC Handler

Sign Up for Free or Log In to start participating in the conversation!