Wed Jun 3 01:56:23 EDT 2009

I would do and check on the basis of your suggestion.
Thanks Chengyu for your help!
  Hi Gaozc,
 If you want to see the Sebek data on Walleye, the process and command information must be corelated to a network flow through socket. I'd also like a seperate page for Sebek data only, but unfortunately, there is no such page now. So I suggest you check the socket information and network flow information to find out why they are not corelated.

 2009/6/1 Gaozc <gzc5555 at foxmail.com>
     Dear all:
 I met a trouble when I use the walleye UI to analyze the data. The problem is that I cann't see the process tree and the related command occuring in the honeypot,but the database have data about these information (sys_socket,sys_read,process,process_tree and so on).
 The other function about thewalleyeUI is normal. I deploy the honeynet in the virtual way by the Vmware Workstation. The Host Computer is Windows 2003 ,Install the honeywall with roo-1.4 and the os of the honeypotis windows 2000 and 2003.
 Thankyou very much for any help on this problem!

Chengyu Song
Chinese Chapter, Honeynet Project
