[Honeywall] About the process tree and the related command
songchengyu at honeynet.org
Tue Jun 2 09:18:32 EDT 2009
If you want to see the Sebek data on Walleye, the process and command
information must be correlated to a network flow through a socket. I'd also
like a separate page for Sebek data only, but unfortunately, there is no
such page now. So I suggest you check the socket information and network
flow information to find out why they are not correlated.
2009/6/1 Gaozc <gzc5555 at foxmail.com>
> *Dear all:*
> I met with trouble when I used the Walleye UI to analyze the data. The problem
> is that I can't see the process tree and the related command occurring in
> the honeypot, but the database has data about this information
> (sys_socket,sys_read,process,process_tree and so on).
> The other functions of the Walleye UI are normal. I deployed the honeynet
> in the virtual way with VMware Workstation. The host computer is Windows
> 2003, the Honeywall is installed with roo-1.4, and the OS of the honeypot is
> Windows 2000 and 2003.
> Thank you very much for any help on this problem!
Chinese Chapter, Honeynet Project