Honeypots mailing list archives

Sebek-client module must be reinstalled after every shutdown??


From: Jason Schoenbrun <athlon () umd edu>
Date: Fri, 4 Mar 2005 15:39:48 -0500

Thank you for all your help so far,

The other day my Sebek server was successfully logging all
read data from the Sebek client. Exciting!
But when I restart the computer (with the server still
monitoring the same port) the server never logs anything
beyond the previous shutdown system commands.
To get it to work again, I have to log back in to root on the
client and ./sbk_install.sh again.
Is that normal? (I assume not)


On an unrelated note, once I get it set up, I'm planning on
studying system calls so that I can manually parse through the
captured data to understand what the hacker was doing.
This sounds rather tedious compared to the possibility of
having a Perl script or the like to automatically parse the
code for certain patterns identifiable as known exploits. Do
such programs/scripts exist?

Thanks again,
Jason

