gzc5555 at foxmail.com
Wed Jun 3 01:56:23 EDT 2009
I would do and check on the basis of your suggestion.
Thanks Chengyu for your help!
------------------ Original Message ------------------
From: "Chengyu Song"<songchengyu at honeynet.org>;
Sent: June 2, 2009 (Tuesday) 9:18 PM
To: "Mailing list for users and developers of the Honeywall"<honeywall at public.honeynet.org>;
Subject: Re: [Honeywall] About the process tree and the related command
If you want to see the Sebek data on Walleye, the process and command information must be correlated to a network flow through a socket. I'd also like a separate page for Sebek data only, but unfortunately, there is no such page now. So I suggest you check the socket information and network flow information to find out why they are not correlated.
2009/6/1 Gaozc <gzc5555 at foxmail.com>
I met a problem when I used the walleye UI to analyze the data. The problem is that I can't see the process tree and the related commands occurring in the honeypot, but the database has data about this information (sys_socket, sys_read, process, process_tree and so on).
The other functions of the walleye UI are normal. I deployed the honeynet virtually with VMware Workstation. The host computer is Windows 2003, the honeywall is installed with roo-1.4, and the OS of the honeypot is Windows 2000 and 2003.
Thank you very much for any help on this problem!
Chinese Chapter, Honeynet Project