Security Basics mailing list archives
Re: Crash Monitor
From: Warner Tabor <pneusolematic () mac com>
Date: Mon, 07 Jul 2008 18:04:17 -0400
You might want to take a look at a piece of software called EventSentry. I am currently using it to monitor several important servers. It is reading Tomcat logs, system events, etc. and sending emails to me if certain events or log entries occur. It is also able to monitor services for start, stop actions. It is very robust, but the UI is a bit quirky. Still, it is a great and powerful log / event monitoring package.

http://www.eventsentry.com/
-SKip

On Jul 5, 2008, at 1:08 PM, Unknown wrote:
Uff uff, actually, the box is reinstalled (XP), patched and protected by firewall and AV. The new configuration is similar to the previous p2p-"decorations", just in newer versions. Right now everything seems to be in order. (Probably we have all data secured !!! )

My first suggestion was also hardware. But such a problem can't be removed with a restart. Some direct answers asked me about HW. In brief:

- capacitors around the CPU OK.
- CPU fan OK
- Memory ?? => to be checked
- HDD ?? => to be checked, but I periodically do defragmentation. After some crashes it was necessary to run CHKDSK, but no errors were detected.

What kind of audit tool would you suggest? (I have an old SUSE 9.0 install DVD with memory-check software.) What about Auditor? (Linux [Knoppix?] bootable CD with some tools)

But now I try to ask more precisely: Is it possible to monitor all Windows processes on a standalone machine? It must be possible, but how? I'm searching for a tool like FileMon, RegMon, which can give me some information about the actual situation on my box (best way: a service which writes a logfile).

Thank you very much for all answers. Have a nice day (I'm going to BACKUP our DATA!)

Martin

On Fri, 2008-07-04 at 14:58 +0530, Sumeet Narula wrote:

Actually I do agree with him. In our experience, sometimes, especially where you cannot definitely say where the problem lies, it's quicker and less heartburn to do so. I agree it may sound like demolishing a house and rebuilding because of termites, but this is not on the same scale :-)

Sumeet Narula
A-25, | Preet Vihar | New Delhi - 110092 (India).
Tel.: +91-11-22545159 | Mobile: +91-9810166000
e-mail: sumeet.narula () gmail com
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Scott Race
Sent: Thursday, July 03, 2008 01:26
To: Rivest, Philippe; infolookup () gmail com; GremaGehan () web de; listbounce () securityfocus com; security-basics () securityfocus com
Subject: RE: Crash Monitor

Philippe, your proposed solution is like demolishing your house and rebuilding because you think you "might" have termites.

I beg to differ that home PC data is less important than corporate data. Home PC data is very important to that home user. If you assume "expertise is lacking", then a format/reinstall could easily result in data loss (family pictures, financial info, etc).

Bottom line is that if expertise is lacking, the user should find someone who knows what they're doing and check out how severe it is.

And what if there is no rootkit? You can at least get an idea of the risk factor by using the various tools of the trade (search and destroy products, netstat for listening ports, software firewall to check for incoming/outgoing connections, task mgr for running processes, etc).

To me, format and reinstall would be a better solution for a corporate PC, as generally data is stored on file servers and not on the local machine, thus there is little risk of a format losing sensitive data (of course this varies from network to network). Home PCs generally have lots of data on them, and are generally not backed up.

Case in point, my father-in-law just called Dell with a problem (he's an older guy), Dell ended up having him format the drive. He had burned his data to a CD a few days before, but guess what, the CD didn't burn correctly (and he's a home user, he didn't test it). DATA LOSS. Sucks for him, all his Quicken data and family pics are gone.

Format should be a last resort.
Yes, it works, but there are other things to try first to get an idea of what solution is necessary.

Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Rivest, Philippe
Sent: Wednesday, July 02, 2008 12:22 PM
To: infolookup () gmail com; GremaGehan () web de; listbounce () securityfocus com; security-basics () securityfocus com
Subject: RE: Crash Monitor

To add to the previous post. If you are going to look for rootkits I would suggest formatting and re-installing. If you suspect you have a root-kit on your PC there's no need to identify it or KNOW you have one. Just do a full format & reinstall.

If you have a rootkit, there's no complete way to remove it. I mean to know 100% that everything critical is removed. The time you are going to spend investigating this, cleaning it and worrying about the after effects would be better spent reinstalling.

For all those who are going to hit me with "you should know if there's a rootkit", this is a stand alone PC, not corporate and the expertise and time may be lacking. Also the lvl of sensitivity of the PC is probably very low.

Format and move on

Thanks

Philippe Rivest, CEH
Internal Information Security Auditor
E-mail: Privest () transforce ca
Telephone: (514) 331-4417
www.transforce.ca

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of infolookup () gmail com
Sent: July 2, 2008 15:13
To: GremaGehan () web de; listbounce () securityfocus com; security-basics () securityfocus com
Subject: Re: Crash Monitor

Virus protection up to date? Any P2P software like lime wire that could bring in tons of problems? Did you recently add any new software or hardware?
Also go to Microsoft site and download a root kit program and scan your pc.

------Original Message------
From: GremaGehan () web de
Sender: listbounce () securityfocus com
To: security-basics () securityfocus com
Sent: Jul 2, 2008 2:20 PM
Subject: Crash Monitor

Hello list,

my wife is using Win 2000 + MS Office to write her thesis. Of course there are also such important tools like Skype, ICQ ...... etc. (you know ... ) Right now this PC is crashing daily. I don't know why. Is it possible to detect the crashing application? Do you know some tool (something like DrWatson)? The PC is patched, Event Viewer shows nothing.

The most probable case is: ca. 1 hour after login this PC hangs up. Independently of running applications. After restart it works normally.

Thank you in advance

Martin