Honeypots mailing list archives

walleye issue?


From: "James Lee" <jak.james () gmail com>
Date: Tue, 28 Feb 2006 20:41:13 +0000

Hi,
When I'm monitoring my honeywall in realtime with something like this:
./sbk_extract -i eth1 -p 1101 | ./sbk_ks_log.pl
and I start an ssh session to the honeypot, I can see everything on my
monitor. However, when I go check that session on the walleye interface,
for every ssh session started I always see a weird process tree, that is,
the command list isn't correct and it ALWAYS has:
an sshd that forks a "bash sshd", then an "egrep", then a "bash egrep",
then "grep", another "grep", then an "ls", then a "cat", then another
"ls" and then a "clear". However, I never executed those commands and
the real commands don't show up.

Any help? Is there any new walleye version out there?

Thanks,
James Lee

