1. Turn on debug logs in SEMSi [1]:

• edit SEMS config file and set:
• forki [2]=no
• stderr=yes
• loglevel=3

2. record the traffic at every host in your installation:

• use any PCAP compatible program and record the network traffic:
• example:
• tcpdump -s 0 not port ssh -w [output_filename]
• you can then open this file with wireshark (aka. ethereal) and analyse the call flows.