Honeypots mailing list archives

HoneyNet Question


From: "Hosun Yoo" <hosun () cmu edu>
Date: Tue, 21 Jun 2005 17:50:07 -0400 (EDT)


 Hi!,
 
 I have experience with Honeyd but am new to HoneyNet.

 If I set up HoneyNet, how do I know if my honeypot has been compromised besides checking Snort alerts?

 I believe Snort wouldn't catch attacks not in its signatures (rules).

 And, I think Sebek is a passive monitoring program. So, I have to input a command line to check keystrokes and changed system files once in a while.

 Is there any program that automatically alerts me whenever a keystroke or a changed file is detected? Or, does Sebek have this kind of feature?

 Thanks,


