Sebek is a data capture tool designed to capture attacker's activities on a honeypot, without the attacker (hopefully) knowing it. Sebek in a kernel based monitoring tool originally built to circumvent session encryption and monitor user input. It has been expanded to monitor other aspects of the system which aid in honeynet data analysis. You can see the link below:
You also can see this link below about Sebek3:
I think i want to test it during my free time because i never develop, deploy and test honeynet technologies before this.