Re: Security event log messages 576/540/538

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Mike,

Yep, I realise I can filter them out but they still take up unnecessary
space and processing power. I would have thought there must be some way to
find out which service is creating them and prevent it, why is a system
service logging on and off every minute or so.

Nick

"Mike Stem" <PSCCmdt@xxxxxxxx> wrote in message
news:u4n2H$hVFHA.3024@xxxxxxxxxxxxxxxxxxxxxxx
> Hi Nick!
>
> I received some advice the last few days reference this exact same issue.
I
> had posted that there were over 170,000 of these in a short period in my
> Security Log also. Several suggested filtering this particular Event Log
> item to only track Audit Failures rather than track all of the Audit
> Successes. I think I am going to do just that for awhile.
>
> In the Event Viewer, right-click on Security, click on Properties, click
on
> the Filter Tab, then de-select the box marked "Success Audit"... from then
> on it will only show the Failures. You can always go back and change it
if
> you wish to track some kind of issue...
>
>
> --
> Mike Stem
> Cinti, OH
> SBS2003 Newbie
>
>
> "NickC" <NoSpam@xxxxxxxxxxxxxx> wrote in message
> news:uDci7RhVFHA.3024@xxxxxxxxxxxxxxxxxxxxxxx
> > Has anyone found a way to stop the flood of event messages 576/540/538
> > from
> > filling the security event log? I know they are only informational but
> > they
> > get in the way preventing other more important events from being
noticed.
> > Also they must use up some cpu time especially if the SBS$Monitoring
> > service
> > has to sift through them all.
> > Nick
> >
> >
>
>


.

Relevant Pages

  • Re: AspErrorsToNTLog no longer works in IIS6
    ... The security implication is that anonymous remote requests can be used to ... fill the event log and cause the server to stop responding (for very legal ... > logic for further disabling it. ... How about using the web log file? ...
    (microsoft.public.inetserver.iis)
  • Viewing Event Logs
    ... How to set event log security locally or by using Group Policy in Windows ... Descriptor Definition Language (SDDL) syntax. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AspErrorsToNTLog no longer works in IIS6
    ... Am I to assume IIS6 no longer offers a way to audit VBScript errors? ... >>when the security log is full has any relevance. ... Is event log performance significantly ... > log instead of the normal log file) was flawed from a security perspective, ...
    (microsoft.public.inetserver.iis)
  • Re: Writing to Windows Security Log
    ... UNIX syslog-the-network-protocol is that it's UDP - ... a Windows application or service ... equivalent source of bogus data into an Event Log stream ... to the>Security< Event Log are the LSA and the Event ...
    (Pen-Test)
  • Win2k3 Event Log and Security: Must choose between security and trustworthy
    ... have as well) regarding the way the EventLog.WriteEntry encounters security ... problems when to trying to create new Event Logs and new Event Log Sources. ... coding of the application developers create new sources. ... I am not entirely certain of the security impact of doing this. ...
    (microsoft.public.inetserver.iis.security)