[Honeywall] Sebek Feedback

=?big5?B?rl2+x7S8?= acoco at mail.dyu.edu.tw
Fri May 30 02:57:42 EDT 2008

Dear Sir:

I have a question about my Roo 1.1 with Sebek.

I installed Sebek on my Fedora Core 3 system, then I set up my lab.


Sometimes I see the Sebek log in Walleye. I use the command "ls -al", but
in Walleye I just see "ls".


Sometimes I see port 1101 packets in Walleye (not 0 Kb), but can't
find the Sebek log.


Can anyone help me? Many thanks.


This is my filter.txt


action=full          file=(name=/dev/random  strict)

action=keystrokes    sock=(server) opt=(follow_child_proc)

action=ignore        file=(name=/dev/zero strict)


action=full   file=(name=/dev/random  strict)

action=ignore file=(name=/dev/        strict  inc_subdirs)


action=keystrokes sock=(proto=tcp rem_port=22)

action=keystrokes sock=(proto=tcp local_port=22)  opt=(follow_child_proc)


action=keystrokes user=admin opt=(follow_child_proc)

action=keystrokes user=john opt=(follow_child_proc)





Do I use this command to monitor port 1234?

action=keystrokes sock=(proto=tcp local_port=1234) opt=(follow_child_proc)


thx a lot.
