If you start a sniffer on the honeywall looking for the sebek port you assigned the sebek client on install, do you see anything?
If you log onto the honeywall's mysql database:

  mysql -u roo -phoney
  >use hflow
  >select count(*) from process;
  >select count(*) from process_tree;
  >select count(*) from sys_open;
  >select count(*) from command;
  >select count(*) from process_to_com;
  >select count(*) from sys_read;
  >select count(*) from sys_socket;

Do any of those commands yield a count?

I really need to look at this.. apologies I have not yet.

Rob

On Tue, Sep 16, 2008 at 11:57 PM, Leo Juan <[EMAIL PROTECTED]> wrote:
> Thanks for your reply Rob and Jefferson.
>
> Exactly, I am using the Windows XP SP0 as my honeypot and the sebek is
> installed in it.
> So, is it an open issue that Windows XP honeypot can't show the sub-process
> tree??
> And even more information like sebek key logs????
>
> It seems not good for Windows user. :(
> Thanks all guys.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
