[Honeywall] #44: Windows sebek client does not integrate with Walleye

Honeywall honeywall-trac at projects.honeynet.org
Wed Jun 11 11:42:11 EDT 2008


#44: Windows sebek client does not integrate with Walleye
----------------------+-----------------------------------------------------
  Reporter:  bjou     |       Owner:  rob at honeynet.org
      Type:  defect   |      Status:  new             
  Priority:  major    |   Milestone:  roo-1.4         
 Component:  Walleye  |     Version:  1.4b3           
Resolution:           |    Keywords:                  
----------------------+-----------------------------------------------------
Comment (by bjou):

 Hey guys,

 Another bug in sebek: although sebek data from Windows does not integrate
 with walleye (see Ticket #44), I can live view keystrokes using
 "sbk_extract -i eth1 -p1101 | sbk_ks_log.pl" on the gateway. Output:
 x.x.x.249 2008/06/11 15:29:50  record 173 received 1 lost 0 (0.00 percent)
 [2008-06-11 15:29:52 Host:x.x.x.249 UID:0 PID:1604 FD:0 INO:0 COM:cmd.exe
 ]#Microsoft Windows XP [Version 5.1.2600]
 =====[and so on, listing the keystrokes]=====

 The Linux sebek version (Linux 2.6 Client 3.2.0b with filtering) only
 gives me the introduction line:

 x.x.x.250 2008/06/11 15:39:15  record 684 received 14 lost 0 (0.00 percent)

 but no keystrokes for live monitoring...

  -best regards, bjoern

-- 
Ticket URL: <https://projects.honeynet.org/honeywall/ticket/44#comment:1>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site

