Re: [Honeywall] About the process tree and the related command

=?gbk?B?L2Ftzt7P4M38LzpQ?= gzc5555 at foxmail.com
Wed Jun 3 01:56:23 EDT 2009

I will check on the basis of your suggestion.
Thanks Chengyu for your help!
------------------ Original Message ------------------
From: "Chengyu Song"<songchengyu at honeynet.org>;
Sent: Tuesday, June 2, 2009, 9:18 PM
To: "Mailing list for users and developers of the Honeywall"<honeywall at public.honeynet.org>;

Subject: Re: [Honeywall] About the process tree and the related command

  Hi Gaozc,
 If you want to see the Sebek data on Walleye, the process and command information must be correlated to a network flow through a socket. I'd also like a separate page for Sebek data only, but unfortunately, there is no such page now. So I suggest you check the socket information and network flow information to find out why they are not correlated.

 2009/6/1 Gaozc <gzc5555 at foxmail.com>
     Dear all:
 I ran into trouble when using the Walleye UI to analyze the data. The problem is that I can't see the process tree and the related commands occurring in the honeypot, but the database has data about this information (sys_socket, sys_read, process, process_tree and so on).
 The other functions of the Walleye UI are normal. I deployed the honeynet virtually with VMware Workstation. The host computer is Windows 2003, the Honeywall is installed with roo-1.4, and the OS of the honeypot is Windows 2000 and 2003.
 Thank you very much for any help on this problem!


Chengyu Song
Chinese Chapter, Honeynet Project