Hi Rob:
I followed your steps to query the database hflow
select count(*) from process;
count(*) 165
select count(*) from process_tree;
count(*) 0
select count(*) from sys_open;
count(*) 0
select count(*) from command;
count(*) 5
select count(*) from process_to_com;
count(*) 23
select count(*) from sys_read;
count(*) 877
select count(*) from sys_socket;
count(*) 260
It seems that there is no data in tables process_tree and sys_open.
**** I can provide more information to you if you want! ****
By the way, we tried to install Sebek 3.0.4 on Windows 2003.
After that, we restarted our machine. The Windows crash screen (Blue
Screen) appears again and again.
I have already tried every Windows 2003 version like enterprise, standard,
web_edition.
SO SAD, all of them are not working. :(
Then I tried to download the source code and recompile it with Visual Studio C.
It still does not work. The crash screen still happens!
Do you have any idea about it?
----- Original Message -----
From: "Rob McMillen" <[EMAIL PROTECTED]>
To: "Mailing list for users and developers of the Honeywall"
<[email protected]>
Sent: Wednesday, September 17, 2008 8:21 PM
Subject: Re: [Honeywall] Sebek Process Tree Problem
If you start a sniffer on the honeywall looking for the sebek port you
assigned the sebek client on install, do you see anything?
If you log onto the honeywall's mysql database:
mysql -u roo -phoney
use hflow
select count(*) from process;
select count(*) from process_tree;
select count(*) from sys_open;
select count(*) from command;
select count(*) from process_to_com;
select count(*) from sys_read;
select count(*) from sys_socket;
Do any of those commands yield a count?
I really need to look at this.. apologies I have not yet.
Rob
On Tue, Sep 16, 2008 at 11:57 PM, Leo Juan <[EMAIL PROTECTED]> wrote:
Thanks for your reply Rob and Jefferson.
Exactly, I am using Windows XP SP0 as my honeypot and Sebek is
installed on it.
So, is it an open issue that a Windows XP honeypot can't show the
sub-process tree??
And even more information like Sebek key logs????
It does not seem good for Windows users. :(
Thanks all guys.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall