[Honeywall] Keystroke Summary
rvmcmil at gmail.com
Thu Jun 12 08:14:56 EDT 2008

What kind of output are you actually looking for? Can you give me
an example to make sure I am thinking along the same lines?

I am currently working on a script to poke at the database and
correlate keystrokes with the source IP responsible for making them.
I started out with pcap files, but I found the source IP might not be
contained within the very same pcap file if the process had been
running for a long time. Therefore, the script runs against the hflow
database (I am trying to make it backwards compatible with the hflow1
schema) which makes it a bit slower if you do not give it a date
range. However, with the limited testing I have been doing, it seems
to group the source IP with the keystrokes. Need more data to ensure
it is working properly. Still in a very rough state, but I hope to
package it up for testing here very soon.

On Thu, Jun 12, 2008 at 7:59 AM, David Watson <david at honeynet.org.uk> wrote:
> This has been something that we have been keen to see for a while, and
> we are currently looking at potential solutions. Hopefully we'll be
> announcing something here in the next couple of months, once there is
> code available to test.