Dear All: I am a newbie on the Honeywall. I use the latest version roo-1.4.hw-20080424215740.iso
Here is the problem that I am facing now!! 1. The Sebek process tree doesn't expand its sub-process tree on the walleye. For example, I used a computer to attack the honeypot. I used Metaexploit 3.0 to attack it. After the attack success I got a shell of root privilege. And I also added some text file on c:\xxx.txt. Of course the Snort will have a alert and sebek will have a main process on walleye and log all of key logs. Here is the problem, I saw a lot of documents. It should be a sub-process tree on the walleye when Sebek log the record. And It also appears the key log on the walleye. *** Yet, I can't see the sub-process tree and key log on walleye *** I am so confusing with the above situation. I also did the "yum update". Does any one know the problem?? -- Best Regard. _______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
