Honeypots mailing list archives

Re: How to monitor events in Windows?

From: Parvinder Bhasin <parvinder.bhasin () gmail com>
Date: Fri, 02 Nov 2007 11:59:50 -0700

A good free low interaction windows based honeypot would be "HONEYBOT".
http://www.atomicsoftwaresolutions.com/honeybot.php

Regarding sebek, make sure you are installing the sebek 3.0.4.
I am sure you know that eventviewer is OK place to check , plus some
sysinternal tools are great too.

Hope this helps.

Cheers!
-Parvinder Bhasin


mybayern1974 () sjtu edu cn wrote:

I want to know everything happend in my Windows box, including both 
local events and network events. Is there such a tool? I know sebek is a 
good choise, but unfortunately the sebek client is unable to work in 
windows box located in Virtual Machine like VMware. (It will cause "blue 
screen" when rebooting after finishing configuration.) Furthermore, I 
know another choice named "spector", but it's a commercial one.

So, is there any free one I can get?

Thanks in advance!

Current thread:

How to monitor events in Windows? mybayern1974 (Nov 02)
- RE: How to monitor events in Windows? Njoku, George O. (Nov 02)
- Re: How to monitor events in Windows? Jan Heisterkamp (Nov 02)
- Re: How to monitor events in Windows? Parvinder Bhasin (Nov 02)
- RE: How to monitor events in Windows? Steve Armstrong (Nov 04)
- <Possible follow-ups>
- Re: How to monitor events in Windows? ccelen (Nov 02)
- RE: How to monitor events in Windows? Francisco Rodrigo Cortinas Maseda (Nov 02)