Re: Crash Monitor

[Warner Tabor <pneusolematic () mac com>]

You might want to take a look at a piece of software called  
EventSentry. I am currently using it to monitor several important  
servers. It is reading Tomcat logs, system events, etc and sending  
emails to me if certain events or log entries occur. It is also able  
to monitor services for start, stop actions. It is very robust, but  
the UI is a bit quirky. Still it is a great and powerful log / event  
monitoring package. http://www.eventsentry.com/

-SKip
On Jul 5, 2008, at 1:08 PM, Unknown wrote:

> Uff uff,
>
> actually, is the box reinstalled (XP), patched and protected by  
> firewall
> and AV. The new configuration is similar to previous p2p-"decorations"
> just in a newer versions.
> At now it seems everything  in order. (Probably we have all data
> secured !!! )
>
> My first suggestion was also hardware. But such problem can't be  
> removed
> with restart.
>
> Some direct answers asking me about HW. In brief:
> - capacitors around the CPU      OK.
> - CPU  fan                       OK
> - Memory                         ?? => to be checked
> - HDD                            ?? => to be checked
>         but I do periodically defragmentation
>         after some crashes In was nessessary to run CHDSK
>         but no error were detected.
>
> What of Audit-tool would you suggest? (I Have ols SUSE 9.0 Install DVD
> with memory check-Software)
> What about Auditor? (Linux [Knoppix?] bootable CD with some tools)
>
> But now I try to ask more precisely:
> It is possible monitoring all windows processes on some standalone
> machine? It must be possible, but how? I'm searching for a tool like
> FileMon, RegMon, which can get me some informations about actual
> situation on my box (best way : service which write a logfile).
>
> Thank you very much for all answers.
>
> Have a nice day (Im goning BACKUP our DATA!)
>
>
> Martin
>
> On Fri, 2008-07-04 at 14:58 +0530, Sumeet Narula wrote:
> > Actually I do agree with him, In our experience sometimes  
> > especially where you can not definitely say where the problem lies,  
> > its quicker and less heartburn to do so, I agree it may sound like  
> > demolishing a house and rebuilding because of termite but this is  
> > not on the same scale :-)
> >
> > Sumeet Narula
> > A-25, | Preet Vihar | New Delhi - 110092 (India).
> > Tel.: +91-11-22545159 | Mobile: +91-9810166000
> > e-mail: sumeet.narula () gmail com
> >  Help save paper - do you need to print this email?
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com 
> > ] On Behalf Of Scott Race
> > Sent: Thursday, July 03, 2008 01:26
> > To: Rivest, Philippe; infolookup () gmail com; GremaGehan () web de; listbounce () securityfocus com 
> > ; security-basics () securityfocus com
> > Subject: RE: Crash Monitor
> >
> >
> > Philippe, your proposed solution is like demolishing your house and  
> > rebuilding because you think you "might" have termites.
> >
> > I beg to differ than home PC data is less important than corporate  
> > data.  Home PC data is very important to that home user. If you  
> > assume "expertise is lacking", then a format/reinstall could easily  
> > result in data loss (family pictures, financial info, etc).
> >
> > Bottom line is that if expertise is lacking, the user should find  
> > someone who knows what they're doing and check out how severe it is.
> >
> > And what if there is no rootkit?  You can at least get an idea of  
> > the risk factor by using the various tools of the trade (search and  
> > destroy products, netstat for listening ports, software firewall to  
> > check for incoming/outgoing connections, task mgr for running  
> > processes, etc).
> >
> > To me, format and reinstall would be a better solution for a  
> > corporate PC, as generally data is stored on file servers and not  
> > on the local machine, thus there is little risk of a format losing  
> > sensitive data (of course this varies from network to network).   
> > Home PCs generally have lots of data on them, and are generally not  
> > backed up.
> >
> > Case in point, my father-in-law just called Dell with a problem  
> > (he's an older guy), Dell ended up having him format the drive.  He  
> > had burned his data to a CD a few days before, but guess what, the  
> > CD didn't burn correctly (and he's a home user, he didn't test  
> > it).  DATA LOSS.  Sucks for him, all his Quicken data and family  
> > pics are gone.
> >
> > Format should be a last resort.  Yes, it works, but there are other  
> > things to try first to get an idea of what solution is necessary.
> >
> >
> > Scott
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com 
> > ] On Behalf Of Rivest, Philippe
> > Sent: Wednesday, July 02, 2008 12:22 PM
> > To: infolookup () gmail com; GremaGehan () web de; listbounce () securityfocus com 
> > ; security-basics () securityfocus com
> > Subject: RE: Crash Monitor
> >
> > To add to the previous post.
> >
> > If you are going to look for rootkits I would suggest formatting and
> > re-installing. If you suspect you have a root-kit on your PC theres  
> > no need
> > to identify it or KNOW you have one. Just do a full format &  
> > reinstall.
> >
> > If you have a rootkit,theres no complete way to remove it. I mean  
> > to know
> > 100% that everything critical is removed. The time you are going to  
> > spend
> > investigating this, cleaning it and worrying about the after  
> > effects would be
> > better spent reinstalling.
> >
> > For all those who are going to hit me with "you should know if  
> > there's a
> > rootkit", this is a stand alone PC, not corporate and the expertise  
> > and time
> > may be lacking. Also the lvl of sensitivity of the PC is probably  
> > very low.
> >
> >
> > Format and move on
> >
> >
> > Merci / Thanks
> > Philippe Rivest, CEH
> > Vérificateur interne en sécurité de l'information
> > Courriel: Privest () transforce ca
> > Téléphone: (514) 331-4417
> > www.transforce.ca
> >
> >
> > -----Message d'origine-----
> > De : listbounce () securityfocus com [mailto:listbounce () securityfocus com 
> > ] De la
> > part de infolookup () gmail com
> > Envoyé : 2 juillet 2008 15:13
> > À : GremaGehan () web de; listbounce () securityfocus com;
> > security-basics () securityfocus com
> > Objet : Re: Crash Monitor
> >
> > Virus protection up to date? Any P2P software like lime wire that  
> > could bring
> > in tones of problems? Did you recently add any new software or  
> > hardware? Also
> > go to Microsoft site and download a root kit program and scan your  
> > pc.
> > ------Original Message------
> > From: GremaGehan () web de
> > Sender: listbounce () securityfocus com
> > To: security-basics () securityfocus com
> > Sent: Jul 2, 2008 2:20 PM
> > Subject: Crash Monitor
> >
> > Hello list,
> >
> > my wife using Win 2000 + MS Office to writing her thesis. Of course
> > there are also such important tools like a Skype, ICQ ...... etc.  
> > (you
> > know ... ) At now it is daily that this PC is crashing. I don't know
> > why. It is possible to detect the crashing application? Do you know  
> > some
> > tool (something like DrWatson.)? The PC ist patched, Event Viewer  
> > show
> > nothing.
> > The most probably case is: ca. 1 hour after login hanging this PC up.
> > Independently of runnig applications. After restart its work  
> > normally.
> >
> > Thank you in advance
> >
> > Martin
> >
> >
> > _______________________________________________________________________
> > EINE FÜR ALLE: die kostenlose WEB.DE-Plattform für Freunde und  
> > Deine
> > Homepage mit eigenem Namen. Jetzt starten! http://unddu.de/?kid=kid@mf2
> >
> >
> >
> > Sent from my Verizon Wireless BlackBerry