+1 on wanting feedback. This has been in the back of my mind for a while now.
On Mon, Jun 6, 2011 at 6:21 AM, Ron Gula <[email protected]> wrote:
> On 6/5/2011 9:02 AM, Marius wrote:
> > Hi!
> >
> > Since no one answered, I'll try my best here.
> >
> > On 24 May 2011 16:04, Beetz <[email protected]> wrote:
> >> I'd be interested to hear the community's experiences with El Jefe - for
> >> example has anyone deployed it in a limited basis in a production
> >> environment,
> >
> > First of all I would recommend the ElJefe mailing list. You'll have
> > better luck finding experience there.
> >
> > I deployed ElJefe and beta-tested several releases. The interesting
> > point for me was seeing it log me exploiting applications on Windows
> > hosts. For a VM hacking lab ElJefe is quite recommendable. But for a
> > large production environment I'd only monitor important key assets and
> > not every application due to false-positives and performance issues.
>
> Hi Marius,
>
> I'm a big fan of performing process monitoring and would love more
> feedback from you.
>
> What sort of performance issues did you see? Did the OS run slower with
> this level of monitoring? I'm curious what level of performance you
> already had before installing ElJefe. I'm also curious what impact to
> the system something like enabling process audit logging (if you are
> Windows) may have had. This is how we gather logs like that for our
> Tenable products.
>
> Also, what kind of false positives did you see? Were there actual cases
> where a process was logged running by ElJefe yet it wasn't there?
>
> Lastly, I agree it does take effort to gather logs and focusing on your
> servers is better than not logging any processes at all. However, I
> strongly recommend you at least enable process accounting on your
> desktop/laptop systems and collect this information.
>
> --
> Ron Gula, CEO
> Tenable Network Security
> http://www.tenable.com
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
