[Honeywall] Keystroke Summary
bjoern.weiland at rz.uni-karlsruhe.de
Thu Jun 12 08:37:37 EDT 2008
> What kind of output are you actually looking for? Can you give me
> an example to make sure I am thinking along the same lines?
I am looking for something pretty similar to what is illustrated in the KYE:
Sebek Paper (www.honeynet.org/papers/sebek.pdf) on page 15 and the
following ones. A summary of all captured keystrokes, not for each
process. Moreover, the "sbk_extract -i eth1 -p1101 | sbk_ks_log.pl"
command is as close as I can get to that right now (so it seems), but as
listed in my comment to ticket #44, this currently does not work for my
Linux Honeypot using the newest sebek.
> I am currently working on a script to poke at the database and
> correlate keystrokes with the source ip responsible for making them.
That's pretty much what I mean.
-best regards, bjoern