sebek server question

["Kathy Simm" <kathys39 () hotmail com>]

I have sebek client running on my honeypot.  On my honeywall I start 
rcfirewall, snort and snortinline.  When I try the following on my 
honeywall, I see all the keystrokes fine:
     sbk_extract -i eth2 -p 1101 | sbk_ks_log.pl


However, when I try to send the sebek info to a file (for later processing), 
it never works.  I type the following:
     sbk_extract -f sebekout -i eth2 -p 207373 &

I then take the file sebekout, cat it, and sent to either sbk-ks_log or 
sbk_upload.pl.  Neither script appears to work, but neither geneates errors.

What format should this file me?  ASCII?

I have also tried just tcpdumping the interface (tcpdump -i eth2 -w 
tcpdumpout) and feeding this to sbk-extract and all I get is  Bad Dump File 
Format.

I've read the docs, but for those of us who are collecting the data, and 
transferring to another system (manually, the client won't allow auto stuff) 
things are a bit murky. Can someone help?  thanks