I noticed this same behaviour with the Windows Sebek and Walleye. Sebek on Linux seems to give you a much nicer process tree. Sorry, I don't know why that is.
Shawn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Li Chou Juan (Leo)
Sent: September 16, 2008 4:15 AM
To: [email protected]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Honeywall] Sebek Process Tree Problem

Dear All:

I am a newbie on the Honeywall. I use the latest version, roo-1.4.hw-20080424215740.iso.

Here is the problem that I am facing now!!

1. The Sebek process tree doesn't expand its sub-process tree on the walleye.

For example, I used a computer to attack the honeypot. I used Metasploit 3.0 to attack it. After the attack succeeded I got a shell with root privilege. And I also added a text file at c:\xxx.txt.

Of course Snort will have an alert, and Sebek will have a main process on walleye and log all of the key logs.

Here is the problem: I saw a lot of documents. There should be a sub-process tree on the walleye when Sebek logs the record. And the key log also appears on the walleye.

*** Yet, I can't see the sub-process tree and key log on walleye ***

I am so confused by the above situation. I also did the "yum update". Does anyone know the problem??

--
Best Regards.

_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
