Question 1

How to set up Galah with OpenAI GPT-4?

Accepted Answer

Install Go 1.22+, clone the repo, add your OpenAI API key via LLM_API_KEY env var, and run with flags like -p openai -m gpt-4.1-mini. Ensure you configure the prompt in config.yaml to maintain JSON output format as specified in the README.

Question 2

Galah vs Cowrie: which is better for web honeypots?

Accepted Answer

Galah excels at dynamic, LLM-driven adaptation for arbitrary HTTP requests, while Cowrie is a SSH/Telnet honeypot focused on emulating shell interactions. Choose Galah for web application deception, but note it's newer and less battle-tested than established tools like Cowrie.

Question 3

Can Galah handle HTTPS traffic?

Accepted Answer

Yes, but you need to generate and configure TLS certificates manually, as mentioned in the Getting Started section. The README doesn't provide automated TLS setup, so it adds complexity for secure deployments.

Question 4

How to reduce API costs when using Galah?

Accepted Answer

Enable response caching with --cache-duration (default 24 hours) to reuse LLM-generated responses, and set strict usage limits on your LLM provider account to prevent denial-of-wallet attacks, as warned in the README.

Question 5

Does Galah support custom Suricata rules?

Accepted Answer

Partially—you can load custom .rules files via --suricata-rules-dir, but the implementation has limitations with keywords and PCRE, so complex rules might not work fully, per the SURICATA.md documentation.

Question 6

How to integrate Galah as a Go library?

Accepted Answer

Import the galah package, create a Service with NewService or NewServiceFromConfig, and call GenerateHTTPResponse with an http.Request. Omit RulesConfigFile to disable rule checking, as shown in the library usage examples.

galah

What is galah?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions