[Honeywall] Sebek Feedback

=?big5?B?rl2+x7S8?= acoco at mail.dyu.edu.tw
Fri May 30 02:57:42 EDT 2008


Dear Sir:

I have a question about my Roo 1.1 with Sebek.

I installed Sebek on my Fedora Core 3 system, then I set up my lab.

Sometimes I see the Sebek log in Walleye. I use the command "ls -al", but
in Walleye I just see "ls".

Sometimes I see port 1101 packets in Walleye (not 0 Kb), but I can't
find the Sebek log.

Can anyone help me? Thanks very much.

 

This is my filter.txt:

//start
action=full          file=(name=/dev/random  strict)
action=keystrokes    sock=(server) opt=(follow_child_proc)
action=ignore        file=(name=/dev/zero strict)

action=full   file=(name=/dev/random  strict)
action=ignore file=(name=/dev/        strict  inc_subdirs)

action=keystrokes sock=(proto=tcp rem_port=22)
action=keystrokes sock=(proto=tcp local_port=22)  opt=(follow_child_proc)

action=keystrokes user=admin opt=(follow_child_proc)
action=keystrokes user=john opt=(follow_child_proc)

action=keystrokes
//stop

 

Do I use this command to monitor port 1234?

action=keystrokes sock=(proto=tcp local_port=1234) opt=(follow_child_proc)

 

thx a lot.
