Running honeycomb in a container¶
The rationale of container support is to allow rapid configuration and deployment so launching honeypots would be simple and easy.
Since honeycomb is a standalone runner for services and integrations, it doesn’t make sense for it to orchestrate deployment of external honeypots using docker. Instead, honeycomb itself could be run as a container.
This means the goal is to allow simple configuration that can be passed on to honeycomb and launch services with integration at ease.
To launch a honeycomb service with configured integration, the user needs to type in several commands to install a service, install an integration, configure that integration and finally run the service with optional parameters.
This actually resembles configuring a docker environment, where the user needs to type in several commands to define volumes, networks, and finally run a the desired container.
A yml configuration that specifies all of the desired configurations (services, integrations, etc.) will be supplied to honeycomb, and it will work like a state-machine to reach the desired state before finally running the service.
An example honeycomb file can be found on github
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | ---
version: 1
services:
simple_http:
parameters:
port: 1234
integrations:
syslog:
parameters:
address: "127.0.0.1"
port: 5514
protocol: tcp
|