[Honeywall] Keystroke Summary

Bjoern Weiland bjoern.weiland at rz.uni-karlsruhe.de
Thu Jun 12 08:37:37 EDT 2008


Rob,

>     What kind of output are you actually looking for?  Can you give me
> an example to make sure I am thinking along the same lines?

I am looking for something pretty similar to what is illustrated in the KYE: 
Sebek Paper (www.honeynet.org/papers/sebek.pdf) on page 15 and the 
following ones. A summary of all captured keystrokes, not for each 
process. Moreover, the "sbk_extract -i eth1 -p1101 | sbk_ks_log.pl" 
command is as close as I can get to that right now (so it seems), but as 
listed in my comment to ticket #44, this currently does not work for my 
Linux Honeypot using the newest sebek.

>     I am currently working on a script to poke at the database and
> correlate keystrokes with the source ip responsible for making them.

That's pretty much what I mean.

  -best regards, bjoern

