Honeypots mailing list archives

Sebeksol-2.05.03 Problems


From: Ryan Barnett <RCBarnett () hushmail com>
Date: 2 Jan 2004 19:49:00 -0000



Happy New Year Everyone!  I am having problems using the current releases of Sebek for Solaris.  I configured the sebek 
client programs correctly and installed them on the honeypots.  I then started up the sbk_extract binary on the 
honeynet log host and piped it into the sbk_ks_log.pl script so that it would show the ascii text for data it sniffed 
off the wire.  When I started executing commands on the honeypot, the sebek sniffer did identify data, however it 
looked like it was binary data -

# ./sbk_extract -i eri0 -p 2222 | ./sbk_ks_log.pl
 monitoring eri0: looking for UDP dst port 2222
      ÷o>Ýsshd2wVT102VT102
ûú¢?õÀ
      bF>Ýsshd2i
ûú¢?õÀ*:>Ýsshd2f
ûú¢?õÎ>Ýsshd2c
ûú?õÀ   Õ>Ýsshd2oVT102VT102VT102^[[?1;2cVT102VT102
ûú¢     ?õÀ
           ÊB>Ýsshd2f
ûú¢
?õÀ>Ýsshd2i
ûú¢
   ?õÀî.>Ýsshd2gVT102VT102VT102
ûú¢
   ?õÀ½o>Ýsshd2n
?õÀ     >Ýsshd2fVT102VT102


I thought that the sbk_ks_log.pl script was supposed to make this data readable?  Additionally, I tried to log to a 
directory rather than to standard out, per the README file's instructions -

Running:

  sbk_extract can pull sebek packets from libpcap file or from
  network interface. As it does so, it sends each record to standard out.

  Options include:

        -l logdir, the directory sbk_extract stores logs in.

        -i device, if you are sniffing from the network this
                specifies which interface.

        -f file, if you are reading from a pcap file, this specifies
                which file; you can read from a file, or read from
                the net
        
        -p port, specifies which destination UDP port to look for

However, when I tried to start up sbk_extract with the "-l logdir" flag, it didn't like it -

# ./sbk_extract -i eri0 -p 2222 -l sebek_logs | ./sbk_ks_log.pl
./sbk_extract: illegal option -- l
 monitoring eri0: looking for UDP dst port 2222
^C

Anyone run into these issues before???

Thanks,
Ryan
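As an added example (not part of the original post, and not code from the Sebek distribution), the script below decodes Sebek records the way a keystroke logger is expected to, so that readable output can be compared against what is seen above. It assumes the Sebek v2 record header layout as recalled from the sbk_extract source (magic, version, type, counter, time_sec, time_usec, pid, uid, fd, com[12], length; type 0 = read), which must be checked against the header struct in the installed version. The magic value, process names and keystroke bytes in the sample are constructed for the example; a record with the wrong magic or a truncated payload is reported rather than printed as garbage.

```python
import struct
from collections import defaultdict

# Assumed layout of the Sebek v2 record header (48 bytes, network byte
# order), as recalled from the sbk_extract source: magic, version, type,
# counter, time_sec, time_usec, pid, uid, fd, com[12], length.
# Verify against the struct in your own copy of sbk_extract before use.
SBK_HDR = struct.Struct("!IHHIIIIII12sI")
SBK_TYPE_READ = 0   # keystrokes arrive as read() records (assumed)


def parse_record(buf, offset, magic):
    """Parse one record at buf[offset]; return (record dict, offset of the next record)."""
    if len(buf) - offset < SBK_HDR.size:
        raise ValueError("truncated header at offset %d" % offset)
    (rmagic, ver, rtype, counter, sec, usec,
     pid, uid, fd, com, length) = SBK_HDR.unpack_from(buf, offset)
    if rmagic != magic:
        raise ValueError("bad magic 0x%08x at offset %d" % (rmagic, offset))
    start = offset + SBK_HDR.size
    end = start + length
    if end > len(buf):
        raise ValueError("truncated payload at offset %d" % start)
    rec = {
        "version": ver, "type": rtype, "counter": counter,
        "time": sec + usec / 1e6, "pid": pid, "uid": uid, "fd": fd,
        # com is a NUL-padded 12-byte process name (e.g. "sshd2" above)
        "com": com.split(b"\0", 1)[0].decode("ascii", "replace"),
        "data": buf[start:end],
    }
    return rec, end


def parse_stream(buf, magic):
    """Parse back-to-back records (e.g. concatenated UDP payloads) until the buffer ends."""
    records, offset = [], 0
    while offset < len(buf):
        rec, offset = parse_record(buf, offset, magic)
        records.append(rec)
    return records


def assemble_keystrokes(records):
    """Join read() data per (pid, fd, com): one readable string per capturing process."""
    lines = defaultdict(bytearray)
    for rec in records:
        if rec["type"] == SBK_TYPE_READ:
            lines[(rec["pid"], rec["fd"], rec["com"])] += rec["data"]
    return {k: bytes(v).decode("latin-1") for k, v in lines.items()}


# Constructed sample input. The magic value is site-specific (chosen when
# the client is configured); 0xD0D0D0D0 is only the value used here.
MAGIC = 0xD0D0D0D0


def make_record(counter, pid, fd, com, data, rtype=SBK_TYPE_READ, uid=0, sec=1073072940):
    """Build one record in the assumed format (used only to construct sample input)."""
    hdr = SBK_HDR.pack(MAGIC, 2, rtype, counter, sec, 0, pid, uid, fd,
                       com.encode("ascii").ljust(12, b"\0"), len(data))
    return hdr + data


# Typical keystroke capture: one byte per read() on the session's stdin,
# followed by a write() record that a keystroke log should not include.
SAMPLE = b"".join(
    make_record(i, 4711, 0, "sshd2", bytes([c])) for i, c in enumerate(b"id\r")
) + make_record(99, 4711, 1, "sshd2", b"uid=0(root)\n", rtype=1)


if __name__ == "__main__":
    for key, text in assemble_keystrokes(parse_stream(SAMPLE, MAGIC)).items():
        print(key, repr(text))
```

Feeding real traffic to it means extracting the UDP payloads for the configured destination port (2222 above) and passing each one to parse_stream with the magic value compiled into the client; if the first check that fails is the magic comparison, the records on the wire are not in the format this decoder assumes.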

