[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonidsuser
Subject:    Re: [Dragonidsuser] HIDS
From:       Graham Clark <gclark () enterasys ! com>
Date:       2004-12-06 20:18:34
Message-ID: 41B4BE9A.6090207 () enterasys ! com
[Download RAW message or body]

Hi Stan,

Some of the HIDS modules perform work at fixed intervals - for example, 
the MD5 Detection module will generate MD5 checksums for its configured 
list of files and look for discrepancies. Another possibility is the 
RegistryDetectionEx module processing registry modifications, if some 
other process is making heavy changes to monitored sections of the 
registry. Could you provide more details on the CPU spikes - for 
example, the interval between spikes, and how long the spikes last? Is 
it possible to provide the customer's configuration?

Thanks a lot,
Graham

Peovitis, Stan wrote:

> Hello,
> 
> 
> 
> I have a customer that has several windows 2000 servers running HIDS 
> and from time to time there CPU spikes as high as 45% due to the HIDS 
> process. Has anyone experienced this? If so why is it happening and 
> what can be done to fix it?
> 
> 
> 
> Thanks,
> 
> 
> 
> **Stan Peovitis**
> 
> Enterasys Networks Australia
> 
> Senior Network Consultant
> 
> Phone: +61 8 9480 3775
> 
> Mobile: +61 (0) 4388 111 31
> 
> Email: speovitis@enterasys.com <mailto:speovitis@enterasys.com>
> 
> 
> 
> 
> 
> 
> 
> *CONFIDENTIALITY NOTICE*
> 
> This message being sent is intended exclusively for the individual or 
> entity to which it is addressed. This communication may contain 
> information that is proprietary, privileged or confidential or 
> otherwise legally exempt from disclosure. If you are not the named 
> addressee, you are not authorized to read, print, retain, copy or 
> disseminate this message or any part of it. If you have received this 
> message in error, please notify the sender immediately by e-mail and 
> delete all copies of the message
> 
> 
> 

_______________________________________________
Dragonidsuser mailing list

For help please follow the below instructions.
You can make subsciption adjustments via email by sending a message to:

  Dragonidsuser-request@enterasys.com

with the word `help' in the subject or body (don't include the quotes), and you will \
get back a message with instructions.

You must know your password to change your options (including changing the password, \
itself) or to unsubscribe.   If you forget your password, don't worry, you will \
receive a monthly reminder telling you what all your enterasys.com mailing list \
passwords are, and how to unsubscribe or change your options.  


[prev in list] [next in list] [prev in thread] [next in thread]