So for my pen testing, I set up a Windows 2000 box as a honeypot. I had
honeywall roo 1.1 running on that network. I tested that on roo I could
see keystrokes by running "sbk_extract -i br0 -p 1101 | sbk_ks_log.pl"
on the console. I saw whatever I was typing fine on my honeypot's command
line. That all went well.

Now I ran a pen test from an outside network and I got a command shell
window on my honeypot. I typed in some commands, created test
directories, etc., and logged out of the spawned command shell.

All the while I was doing this, I could see on my honeywall's
console what I had typed. No problem there. Now I opened
up my honeywall web interface from the management station to see what it
had seen.

First, it did raise IDS alarms fine. Good.

Now my question is: how can I see the sebekd-related keystroke logs that
I had typed for my testing?

I looked everywhere but couldn't find any sebek keystrokes anywhere.

Thanks in advance.
-Parvinder Bhasin
_______________________________________________
Honeywall mailing list
https://public.honeynet.org/mailman/listinfo/honeywall