From xcorp. He Released A Syslog Daemon on Windows 2000 / XP (AND POSSIBLY Server 2003 OR NT4 ...)
XSyslogd
The Source Code Is Published as Well as The Binary.
Posted @ 6:56 pm | feedback (0)
[Snort] IDS Policy Manager
Also from seculogger's blog.
IDS Policy Manager
IT Would Be Useful WHEN We Deploy Snort ON Multiple Nodes.INTERESTING, SO I WILL EVALUATE THIS in Future. I Decided That I add this in the task list at
My JP Site ... ;-)
Posted @ 6:42 PM | feedback (0)
Honeynet Security Console
From seculogger's blog.
Honeynet Security Console
IT Seems Very Neat. I Decided That I Should Evaluate this, with sebek!
Posted @ 6:36 pm | feedback (0)
Monday, May 10, 2004 #
Microsoft Support Webcast: Microsoft Windows XP: Exploring Boot Options and Recovery Console June 25, 2002
This Webcast Covers Topics Around "How to Use the Recovery Console" and more about trouplanooting the boot phase. It is a must think, you know, as we engineers handle issues around servers. ;-)
Microsoft Support Webcast: Microsoft Windows XP: Exploring Boot Options and Recovery Console June 25, 2002
Posted @ 10:16 AM | feedback (0)
Sunday, May 09, 2004 #
NOTE: [IIS] How to have to have.com?
From Bernard's Article.errors in IIS 6.0 Documentation
I Have ONCE TESTED THIS NNTP FEED Feature of IIS 6.0, with shavlik's news server. It Seems I have to dig more on this. ;-)
Thanks, Bernard!
Posted @ 5:01 pm | feedback (0)
JAPAN: PERSONAL AND PRIVATE IN DANGER?
From seculogger, annother japanese mvp.http://www.7th-angel.net/seculog/Item/550.html
According to NHK, a leading broadcasting company in Japan, about 38% of market-leading companies in Tokyo Stock Exchange Market stated that they do not and will not have | prepare rules to prevent the outflow of private information.Src (Pls use babelfish to HTTP: //www3.nhk.or.jp/news/2004/05/09/k20040508000025.htmlhttp: //www.asahi.com/national/Update/0508/012.html* Babelfish: http : //babelfish.Altavista.digital.com/babelfish/tr
I do not understand what these companies have in mind, as the privacy law will be enforced in the next year. This means all the companies should be careful and does have responsibility enough to prevent such a thing, otherwise it is each of these companies' FAULT. I WONDER WHERE PEOPLE IN THIS Country Area Heading for ...?
Posted @ 4:54 pm | feedback (0)
[Tool] Quest Software Quest Central (FREEWARE)
From sqljunkies.
Quest Software Quest Central for SQL Server - FREEWARE NOW AVAILABEHTTP: //www.quest.com/quest_central/sql_server/freeware/
IT Features Things Like this:
Database Administration Space Management 24x7 Monitoring Performance Diagnostics with Spotlight Database Analysis Load Testing and Data General
HMM, Sounds Not Too Bad, You KNOW.
Posted @ 4:36 pm | feedback (0)
[Tool] Syslog Turbo, ETC.
Softwares from weird-solution.
Http://www.weird-solutions.com/download/demo.html
AS for syslog turbo there is much thing. We can. We can can manipulate it with a sql-like dialect, Which May Be Useful if you are familiar with sql.
Posted @ 2:48 pm | feedback (0)
NOTE: Added Some Maps of Links.
I Added The Clickable Maps of Isc and ITS Internet Traffic Report Site.
The TrendMicro's stuff have to stay on top as otherwise I can not show other news.I hope in some near future we Japanese can have fully localized items of them. That way we can show our fellow people more precisely what is going on and what should be DONE AROUD EACH OF THEM ... (SIGH)
Posted @ 2:26 pm | feedback (0)
[Tool] iespell
A Spell Checker for IE. I Found IT WHEN I DID SOME SPELL-Checks on The Previous Article. This Tool Is for English Only, IT Seems. Still, IT IS VERY COZY.
IESPELL - A Spell Checker for Internet Explorer
Posted @ 3:25 am | feedback (0)
Saturday, May 08, 2004 #
Just a Note of log consolidation.
There are numbers of tasks around sysadmins and security engineers at the data centers, which include log management and monitoring the servers / clients to check if there is an unusual thing happening / ongoing.
I have begun to think of this one year ago when around me there were many of "untouched" or unmanaged as for the system environment. With such a server, when a trouble happens there is no one who could trace what is wrong or what should BE DONE, OR WORSE, WHEN THE BOX DOWNS. IT IS Not Cool ....
.
What i Have completed:
consolidating logs and alerts of network appliances, routers, (managed) switches, firewalls.This means I have to collect both syslog messages and SNMP traps.To do this I am using WinSyslog from Adiscon as a central location for storing syslog messages and Kiwi Syslog Daemon to collect SNMP traps. from Kiwi SNMP traps are translated into syslog and be poured in the syslog storage. consolidating Event log entries from Windows Machines.For this I am using NTSyslog I got from SourceForge. I am still in a half way as it Cannot Handle Multi-Byte Languages Properly, Especially Around (What Do you say "in Japanese" in Japanese) and Chinese character.
Another Point Here Is The Future Possibilities of Using of Of
Log Parser, Which is Written by a guy in Microsoft.
We can Handle Eventlog Messages In Multi-byte Languages WITHOUT A FEAR WITH CURRENT VERSIONS OF The Tools Released, AS IT Handles Those Characters As Unicode.
WE ENGINEERS INGUAGES WITI-BYTE LANGUAGES WELCOME THIS TOOL VERY MUCH AS WE Do Not Have To Think About "How To Localize this Cozy Tool?", ETC, ETC.
I am Not Yet Planning Utilizing this Very Kewl and Cozy Tool in My Framework Because I Want To Design "Effortless and Yet Cohere" Design, Though.
I Emphasize Here That I am Planning to Improve / Change The Whole Design So There Is Such A High Possibility That I Will BE Using this Tool.
In the MVP Summit 2004 some of us Japanese MVPs had a chance to discuss on the tool with the author, in which we have heard there will be much improvements in severals of the coming versions. I promise he is so dedicated and is so enthusiastic. ;-)
Choosing the base platform.I chose the following stuffs for this system:. A Log consolidationWindows 2000 Server / Server 2003IIS 5.0 and laterActive Server PagesMicrosoft SQL Server 2000Adiscon WinSyslog 4.2 or laterKiwi Syslog Daemon (to just translate SNMP Traps into syslog messages, without an effort .) Softether (as providing the VPN way to collect logs of servers in several segments of different locations on the Internet.) B. MRTG and some other system monitorsFor this I am using several up to now, and I am planning to consolidate the monitors in just a few nodes, as I want to include links for the graphs of MRTG in the system A. above. I intentionally have several nodes, as in such a way I can troubleshoot more precisely where the bottle neck / system down occurs.What I am NOT YET DOING:
Consolidating logs scattered around the system and messages written in other formsAs for these logs I am imagining api.log, setup.log, and so on which are written in the text format and scattered around the whole system for Windows OSes. Consolidating Backup and Task Scheduling logs of Windows NT-Based OSes Consolidating HFNETCHK / MBSA resultant texts. Consolidating MRTG results Consolidating results from tools for penetration testings like NIKTO, Syhunt, N-Stealth, Nessus, and so on. Merging and consolidating / var / log / messages and so on in Unix platforms including FreeBSD and Linux. Merging the logs of crond and the texts of logwatch from Unix platforms. Consolidating results of system monitoring softwares like those released from Dell, HP, and so on. Visualize the results to make it easier to Confirm what is going on. Issuing Alerts Via E-mail and web monitor pages. The site design as a. (i am Using IIS as a web server to show the results) Designing a fault-tolerant system for Both SoftTher and the Server.posted @ 11:13 PM | Feedback (0)
BEWARE of the Computer Name ...
From vbnullstring's vbaspcoder's blog: BEWARE OF Your Computer Name
I Just Remembed A Hard Time I Experienced During a Migration Project from Nt Domain To Active Directory, in An International Company. (SIGH)
Sometimes the naming rules of computers in the company matters, especially those rules that require us to use underscore or some other characters which are not conforming to the design of some functions / components of products or the RFC itself.
An example of such trouble is the one described in the following KBs: 316112 PRB: Session Variables Do Not Persist Between Requests After You Install Internet Explorer Security Patch MS01-055In such a case we have nothing to do, other than just rename the computer name One of which is like this: 234142 Updating Iis After You change The Computer Name
Sure, as you may have seen in SQL6.5 / 7.0 migration, or migration projects from NT Domain to Active Directory, we sysadmins, designers, and the architects should carefully design so that the result of an operation is not so disasterous.
SO, IT IS IMPORTANT TO KNOW THERE Are Risks To Use Characters Not Included in The Alphabet or Numbers, You Know, Especially For the Server ...
Posted @ 10:07 pm | feedback (0)
KB: 314470 Definition of system partition and boot partition
Sometime it is so confusing, you know. ;-)
314470 Definition of system partition and boot partition
Posted @ 9:49 pm | feedback (0)
Tuesday, April 13, 2004 #
Misc: Moving Contents from JP Site to Here.
Now, At First, I am Moving Some of the Links, Not All, To this site as my jp site contains homewhat too much thing, you know.
I am going to post things here., As in My JP Site ... Mainly English, and Sometimes, French.
Chem,
--kyamamoto
Posted @ 11:34 PM | Feedback (0)
[Site] WMIEX.MSFT.NET
The Famous SNMPBOY Site Has Evolved DramAtical To Handle WMPLEmentation!
http://wmiex.msft.net/
Posted @ 11:00 pm | feedback (0)
Tuesday, March 16, 2004 #
[TOOL] MULTIPLE TOOLS for Logging Sessions
AS WE KNOW Windows Generally Does Not Log Sessions on Any Level Up To Layer 4 of OSI 7 Layers Model.
So There Emerges The NEED for Such a Method Or Tool.
Currently there multiplehable the enable logging sessions, so let's just note here.
1. Port Reporter (Microsoft) a Service Tool Which Logs The Session Info (IP, Port of Both Src and Dst), PID, AND The Process That Initiated The session.) Http://www.microsoft.com/downloads/details .aspx? familyid = 69ba779b-bae9-4243-b9d6-63e62b4bcd2e & displaylang = en
. 2. Xlog (Freeware by xcorp) This tool utilizes Winsock2 Created by xcorp, a Japanese programmer who makes useful tools for security and network management.http: //xcorp.saposen.com/toolz/xlog.html
3. Syunlog (freeware by SYUN) This Tool Utilizes Library Provided With Winpcap. Use with winpcap. Create by Syun.http://www.baba-lab.com/syunlog/
4. monyolog (Freeware by monyo, or TAKAHASHI, Motonobu of the Samba team.) This tool also utilizes WinSock2, especially RAW_SOCKETS of Winsock 2.2. The author is one of the Samba core team members, who is specialized in TCP / IP and Windows Networking, and also i18n.http://www.monyo.com/technical/products/monyolog/
Posted @ 1:13 PM | Feedback (2)
Sunday, February 29, 2004 #
Japanese: Japanese language テ テ ト
(English Follows After Japanese)
??????????????? msdn? ASP.NET? Blog ??? post ??????? feedback ???????????????? ?????????????????????
????????????????????????????????????????????????? ?
?: ????????????????????????????????????????? ????????????????????
This is a test for writing things in Japanese. As you can see, in blogs at MSDN or ASP.NET it is okay to write things in Japanese in the message body itself but not okay in the feedback fields.Well, is it difficult to HANDLE MULTI-BYTE LANGUAGES (ESPECIALLY IN .TEXT)?
If you are familiar with these languages and have some tips on the workaround of this issue, pls let us know.Note: I am not a developer, but I believe those developers who have seen this post can and will implement more excellent, cooler, And Better Things in the fulure.
Posted @ 6:30 PM | Feedback (1)
Monday, February 09, 2004 #
[KB] 810639 FIX: FTP Passive Mode Support for FireWall Scenarios
THIS ARTICLE DESCRBES Used with ftp passive mode with IIS 5.0.sp4 is required to enable this.http: //support.microsoft.com/?kbid = 810639
Posted @ 6:06 PM | Feedback (7)
[Tool] IISecure
Un utilitaire pour fixer l'Iishttp: //www.laborate-microsoft.org/cd/outils/iisecure/
Posted @ 1:42 PM | Feedback (2)
[Tool] syslogd de fpsoft (allemand)
Un utilitaire pour donner des possibilités de Windows de recevoir des messages de syslog Il peut stocker toutes les données dans le serveur de MSDE / MSSQL Essayez-vous, s'il vous plait.http:.. //Www.syslogd.fpsoft.de /
Posted @ 12:49 pm | feedback (0)
[Tool] PageDefrag de Sysinternals
UN Utilitaire Pour Les Dossiers Defragment Qui Ne Sont Pas Faits Après Bootup.http://www.sysinternals.com/ntw2k/freeware/pagededefrag.shtml
Posted @ 12:42 PM | feedback (0)
Saturday, January 31, 2004 #
L'Introduction à Packetfiltering Sur Windows (Especialement 2000 et XP) <1ER Edition en japonais>
Voici L'Extrait de MA Présentation en japonaise à un événement.
http://www.forensic.jp/~yamaken/winpacketfil.zip
JE VEUX TRANSMETTRE LES Coups Secs Du "Packet Filtering" sur WINDOWS à beaucoup de GENS.
Regards, - Kenji Yamamoto, One of Japanese MVPS on Security
Posted @ 12:29 AM | Feedback (0)
Thursday, January 29, 2004 # ev2t
IT IS A TOOL Which Converts Event Log Messages To SNMP Traps.http://www.ncomtech.com/download.htm
As for multilbyte languages it may not be ready ... At least sending traps to Kiwi has been terrible when I used this tool with Japanese version of Windows Server 2003.You may have to obtain a management app which is capable of handling multibyte messages like JAPAnese, Chinese, And Korean.Anyway There Seems No probs by net kernel-based OSES.
Posted @ 11:45 PM | Feedback (1)
Syslog management on window Windows Platforms.
Do you know Winsyslog from adiscon? It is so cool a Tool for US System Operators / Administrators.check it out at: http://www.adiscon.com/(for Japanese: http://adiscon.port139.co.jp /) This tool is so cool, as it allows you to consolidate all the standard error / log messages to one server. With MSSQL you can even display the messages via IIS 4/5. Merging Syslog, SNMP, and Windows Event logs are critical for system admins, to whom we can say this tool is the very solution for managing system health in general You can merge SNMP with syslog, using either the latest version of WinSyslog, or with Kiwi syslog Daemon (http:. //www.kiwisyslog .com) .you can Merge Windows Event logs with the folowing tools:
Event reporter from adiscon
2. Event logs to syslog utility from purdue university.
3. NTSYSLOG Service Tool from SourceForge
cf. I found a localised version of ntsyslog in Vector or Mado-no-mori, which uses EUC-JP for Japanese. If you have already deployed Linux- or * NIX-based solution for the consolidation of logs, this client is just- Fit, IT Seems.
Note: There Are other Tools in the world to facilitate this function. According to kawabata-s
Http://www.kawabata.com/), You Can Even Write Up The Tool That Just-Fits To Your Need.; -) *** System Requirements: a. System: See the Urls Above
B. Human:
B-1. Knowledge of syslog (UNIX AND NetWork Devices you use.)
B-2. Ability or Experience of Manually Parsing Eventlogs on Windows
B-3. Ability to configure network devices to emit logs, if you think you'd like to add the target of monitoring.
.
B-5. Ability / experience to configure server management tools like Allied Telesyn SwimView, HP OpenView or Dell Server Administrator / IT assistant for PowerEdge Systems. (It is okay to use other administrative tools according to the needs at your managed networks. Tools above Are Just As Examples.)
Outputs Are Just Like
THIS. (Special Thanks LG_DE_SUCRE, A COOL GUY WORKING TOGETHER.)
HOWTO: MANAGE LOGS (DELETE UNWANTED / NEEDLESS LOG MESSAGES)?
-> CREATE JOBS (USING T-SQL) from SQL Server Enterprise Manager.
HOWTO: MERGE THE ROUTE AND SIMPLIFY THE SYSTEM?
-> Use Softether or Other VPN Products.
Howto: MERGE OUTPUTS OF SORT?
-> Consult with docs around.
Http://www.winsnort.com/ OR
http://www.snort.org/ area Both Good-Starts.
Ah, IT Seems I am Gonna Miss The Last Train, So See Ya Later!