The logging server also consists of 2 parts, the database and a webinterface. The database is used to store the analysis information from the honeypot server. This information is presented to the users by a webinterface. Screenshots from the webinterface can be found here. The webinterface is used to keep track of the logging, but also the sensor status information. A secondary function of this server is the ability to send mails in response to the logging that is received.

Several features of the webinterface are:

• Attack information
• Downloaded binary information
• Logging export to IDMEF
• Remote control for the sensors
• Traffic monitor
• Advanced search engine for textual and graphical logging