The process tree you see in Walleye is built by Walleye when you navigate to it. Walleye gets the data to draw it from the database. So if there is missing data in the database, then Walleye will not draw the proper thing. I don't think the issue is Walleye related because it works with the Linux sebek data. I think the issue is between hflow2 and the Windows sebek client. More than likely, something is not right in the "sebek protocol".
Can someone verify that the latests Windows sebek client is stable on Windows XP SP0? I will install it this weekend and verify the data format it is using to put sebek packets on the wire. Thanks in advance, Rob On Fri, Sep 19, 2008 at 11:53 AM, Jefferson, Shawn <[EMAIL PROTECTED]> wrote: > So that's what's building the process trees as well then... I wonder why > Windows sebek packets don't get a pretty process tree like linux sebek > packets do? _______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
