Re: Crash Monitor



Has no one suggested WinDbg... that is its purpose, after all. Make
sure you change your kernel dump to full and not the "light mode".
With the newer versions you don't really need to know what you're doing, just
how to decode the output.

On Mon, Jul 7, 2008 at 3:04 PM, Warner Tabor <pneusolematic@xxxxxxx> wrote:
You might want to take a look at a piece of software called EventSentry. I
am currently using it to monitor several important servers. It is reading
Tomcat logs, system events, etc and sending emails to me if certain events
or log entries occur. It is also able to monitor services for start, stop
actions. It is very robust, but the UI is a bit quirky. Still it is a great
and powerful log / event monitoring package. http://www.eventsentry.com/

-SKip
On Jul 5, 2008, at 1:08 PM, Unknown wrote:

Uff uff,

Actually, the box is reinstalled (XP), patched and protected by firewall
and AV. The new configuration is similar to the previous p2p "decorations",
just in newer versions.
For now it seems everything is in order. (Probably we have all data
secured!)

My first suggestion was also hardware. But such a problem can't be removed
with a restart.

Some direct answers asked me about HW. In brief:
- capacitors around the CPU OK.
- CPU fan OK
- Memory ?? => to be checked
- HDD ?? => to be checked
but I periodically run defragmentation;
after some crashes it was necessary to run CHKDSK,
but no errors were detected.

What kind of audit tool would you suggest? (I have an old SUSE 9.0 install DVD
with memory-check software.)
What about Auditor? (Linux [Knoppix?] bootable CD with some tools)

But now I'll try to ask more precisely:
Is it possible to monitor all Windows processes on a standalone
machine? It must be possible, but how? I'm searching for a tool like
FileMon or RegMon which can give me some information about the actual
situation on my box (best way: a service which writes a logfile).

Thank you very much for all answers.

Have a nice day (I'm going to BACKUP our DATA!)


Martin

On Fri, 2008-07-04 at 14:58 +0530, Sumeet Narula wrote:

Actually I do agree with him. In our experience, sometimes, especially
where you cannot definitely say where the problem lies, it's quicker and
less heartburn to do so. I agree it may sound like demolishing a house and
rebuilding because of termites, but this is not on the same scale :-)

Sumeet Narula
A-25, | Preet Vihar | New Delhi - 110092 (India).
Tel.: +91-11-22545159 | Mobile: +91-9810166000
e-mail: sumeet.narula@xxxxxxxxx


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Scott Race
Sent: Thursday, July 03, 2008 01:26
To: Rivest, Philippe; infolookup@xxxxxxxxx; GremaGehan@xxxxxx;
listbounce@xxxxxxxxxxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Crash Monitor


Philippe, your proposed solution is like demolishing your house and
rebuilding because you think you "might" have termites.

I beg to differ that home PC data is less important than corporate data.
Home PC data is very important to that home user. If you assume "expertise
is lacking", then a format/reinstall could easily result in data loss
(family pictures, financial info, etc).

Bottom line is that if expertise is lacking, the user should find someone
who knows what they're doing and check out how severe it is.

And what if there is no rootkit? You can at least get an idea of the
risk factor by using the various tools of the trade (search and destroy
products, netstat for listening ports, software firewall to check for
incoming/outgoing connections, task mgr for running processes, etc).

To me, format and reinstall would be a better solution for a corporate
PC, as generally data is stored on file servers and not on the local
machine, thus there is little risk of a format losing sensitive data (of
course this varies from network to network). Home PCs generally have lots
of data on them, and are generally not backed up.

Case in point, my father-in-law just called Dell with a problem (he's an
older guy), Dell ended up having him format the drive. He had burned his
data to a CD a few days before, but guess what, the CD didn't burn correctly
(and he's a home user, he didn't test it). DATA LOSS. Sucks for him, all
his Quicken data and family pics are gone.

Format should be a last resort. Yes, it works, but there are other
things to try first to get an idea of what solution is necessary.


Scott

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Rivest, Philippe
Sent: Wednesday, July 02, 2008 12:22 PM
To: infolookup@xxxxxxxxx; GremaGehan@xxxxxx;
listbounce@xxxxxxxxxxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Crash Monitor

To add to the previous post.

If you are going to look for rootkits I would suggest formatting and
re-installing. If you suspect you have a rootkit on your PC there's no
need to identify it or KNOW you have one. Just do a full format & reinstall.

If you have a rootkit, there's no complete way to remove it. I mean to know
100% that everything critical is removed. The time you are going to spend
investigating this, cleaning it and worrying about the after-effects
would be better spent reinstalling.

For all those who are going to hit me with "you should know if there's a
rootkit", this is a stand-alone PC, not corporate, and the expertise and
time may be lacking. Also the level of sensitivity of the PC is probably very
low.


Format and move on


Thanks
Philippe Rivest, CEH
Internal Information Security Auditor
E-mail: Privest@xxxxxxxxxxxxx
Telephone: (514) 331-4417
www.transforce.ca


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of infolookup@xxxxxxxxx
Sent: July 2, 2008 15:13
To: GremaGehan@xxxxxx; listbounce@xxxxxxxxxxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Crash Monitor

Virus protection up to date? Any P2P software like LimeWire that could
bring in tons of problems? Did you recently add any new software or hardware?
Also go to the Microsoft site and download a rootkit program and scan your PC.
------Original Message------
From: GremaGehan@xxxxxx
Sender: listbounce@xxxxxxxxxxxxxxxxx
To: security-basics@xxxxxxxxxxxxxxxxx
Sent: Jul 2, 2008 2:20 PM
Subject: Crash Monitor

Hello list,

My wife is using Win 2000 + MS Office to write her thesis. Of course
there are also such important tools as Skype, ICQ ... etc. (you
know ...). Right now this PC is crashing daily. I don't know
why. Is it possible to detect the crashing application? Do you know some
tool (something like DrWatson)? The PC is patched, Event Viewer shows
nothing.
The most probable case is: ca. 1 hour after login this PC hangs,
independently of running applications. After a restart it works normally.

Thank you in advance

Martin

