With the increasing popularity of Web services, attackers are getting attracted to hack the Web services and the servers on which they run. One of the major threats is that of intruders which may maliciously try to access the data or services. Thus there is a need to protect the servers on which Web services are running from intruders. Therefore, intrusion detection systems need to be employed. Signature based IDS are popularly being used. Honeypots are a highly flexible security tool with differing applications for security. They are a security resource that does not have any production or authorized activity but have an important use in intrusion prevention, detection and information gathering. Honeypot collects very little data and what it collects is normally of high value. This information can be used in extraction of intrusion detection signature. In this paper we have proposed a method to analyze the attacks and generate signatures for Web services.