[Honeywall] About the process tree and the related command

Chengyu Song songchengyu at honeynet.org
Tue Jun 2 09:18:32 EDT 2009


Hi Gaozc,

If you want to see the Sebek data on Walleye, the process and command
information must be correlated to a network flow through a socket. I'd also
like a separate page for Sebek data only, but unfortunately, there is no
such page now. So I suggest you check the socket information and network
flow information to find out why they are not correlated.

Thanks,

Chengyu

2009/6/1 Gaozc <gzc5555 at foxmail.com>

>   *Dear all:*
> I ran into trouble when using the Walleye UI to analyze the data. The problem
> is that I can't see the process tree and the related commands occurring in
> the honeypot, but the database has data about this information
> (sys_socket, sys_read, process, process_tree and so on).
>   The other functions of the Walleye UI are normal. I deploy the honeynet
> virtually with VMware Workstation. The host computer is Windows
> 2003, the honeywall is installed with roo-1.4, and the OS of the honeypots is
> Windows 2000 and 2003.
>
> Thank you very much for any help on this problem!


-- 
Chengyu Song
Chinese Chapter, Honeynet Project