Dear Sir: I have a question about my Roo 1.1 with Sebek.

I installed Sebek on my Fedora Core 3 system, then I set up my lab. Sometimes I see the Sebek log in Walleye: I use the command "ls -al", but in Walleye I just see "ls". Sometimes I see port 1101 packets in Walleye (not 0 Kb), but can't find the Sebek log. Can anyone help me? Many thanks.

This is my filter.txt:

//start
action=full file=(name=/dev/random strict)
action=keystrokes sock=(server) opt=(follow_child_proc)
action=ignore file=(name=/dev/zero strict)
action=full file=(name=/dev/random strict)
action=ignore file=(name=/dev/ strict inc_subdirs)
action=keystrokes sock=(proto=tcp rem_port=22)
action=keystrokes sock=(proto=tcp local_port=22) opt=(follow_child_proc)
action=keystrokes user=admin opt=(follow_child_proc)
action=keystrokes user=john opt=(follow_child_proc)
action=keystrokes
//stop

Do I use this command to monitor port 1234?

action=keystrokes sock=(proto=tcp local_port=1234) opt=(follow_child_proc)

Thanks a lot.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
