RE: Event Log entries?
From: Bobby McMillan [MSFT] (robertmc_at_online.microsoft.com)
Date: 12/31/03
- Next message: Bobby McMillan [MSFT]: "RE: Trust Between NT4 and 2003"
- Previous message: Bobby McMillan [MSFT]: "RE: protezione cartella"
- In reply to: Kevin: "Event Log entries?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Dec 2003 07:21:38 GMT
INLINE:
Please note that there are some products that cause excessive 538's, 540's
and 576's ... What products are on the server that was pushing these every
second for 5 hours...
--------------------
| From: "Kevin" <anonymous@discussions.microsoft.com>
| Sender: "Kevin" <anonymous@discussions.microsoft.com>
| Subject: Event Log entries?
| Date: Tue, 30 Dec 2003 11:06:03 -0800
|
| This is a lengthy post... Sorry but need to describe....
|
| We have a server that we set up to capture every event in
| the event log. We are noticing a strange group of entries
| that we are not sure what it is. I assume it is some
| standard OS / Network level entry because it happens often
| and is a consistent set of entries but we do not know what
| the entries mean and would like to know if anyone out
| there does.
|
| Log Entries....
| Success audit
| Category: Privilege use
| Event ID: 576
| Username: domain\computername$
|
| In the Description:
| Special Privileges assigned to new user
| User Name and Domain Blank
| Assigned: SeChangeNotifyPrivilege
>>>>>>822774 System Performance Decreases, and Many Event ID 576 Entries Are Logged
>>>>>>http://support.microsoft.com/?id=822774
|
| Success audit
| Category: Logon/Logoff
| Event ID: 540
| Username: domain\computername$
|
| In the Description:
| Successful Network logon
| User Name: computername$
| Domain: domain
| Logon Type: 3
>>>>>>Machine authenticating to the domain
|
| Success audit
| Category: Logon/Logoff
| Event ID: 538
| Username: domain\computername$
|
| In the Description:
| User Logoff
| User Name: computername$
| Domain: domain
| Logon Type: 3
>>>>>> Machine ending communication with domain at this time.
|
| These 3 entries always accompany each other. The
| interesting issue is that this happened to one of our
| servers over the weekend but that the entries were taking
| place every second and filled up our 25mb log file in
| about 5 hours. We disconnected the computer from the
| network that was mentioned in the username field and these
| entries stopped. We plugged the computer back in this
| morning and it isn't happening?
|
| We have done the normal virus / hack research but this
| does not appear to be that at all. In fact we see in the
| logs where other entries of this type are in the system
| but for different computers....
|
| We did notice that the Computer Browser service was on for
| this server and it shouldn't have been so we turned it off.
|
| Does anyone know what this is?
|
| Kevin
|
|
|
This posting is provided "AS IS" with no warranties, and confers no rights.
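
Added example, not part of the original thread or any Microsoft tooling: a Python check for the pattern described above (576, 540 and 538 logged together for a machine account at a sustained rate) over exported Security log rows. The `(time, event ID, account)` row layout, the account names, the sample data and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TRIPLET = {576, 540, 538}  # privilege use, network logon, logoff (IDs from the thread)

def flag_machine_logon_floods(records, window=timedelta(minutes=1), min_cycles=30):
    """Return {account: peak 540 count per window} for machine accounts that
    log all three IDs and reach min_cycles logons inside one sliding window.
    records: (datetime, event_id, account) tuples, an assumed export layout."""
    logons = defaultdict(list)
    seen_ids = defaultdict(set)
    for ts, event_id, account in records:
        if not account.endswith("$") or event_id not in TRIPLET:
            continue  # keep only machine accounts and the three IDs of interest
        seen_ids[account].add(event_id)
        if event_id == 540:  # one logon marks one 576/540/538 cycle
            logons[account].append(ts)
    flagged = {}
    for account, times in logons.items():
        if seen_ids[account] != TRIPLET:
            continue  # unrelated logon noise, not the pattern from the thread
        times.sort()
        peak, start = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] >= window:
                start += 1  # drop logons that fell out of the window
            peak = max(peak, end - start + 1)
        if peak >= min_cycles:
            flagged[account] = peak
    return flagged

def sample_records():
    """Constructed data: WS01$ cycles every second for two minutes,
    SRV02$ every ten minutes, plus one user logon that must be ignored."""
    base = datetime(2003, 12, 27, 2, 0, 0)
    rows = [(base, 540, "DOMAIN\\kevin")]
    for account, step, count in (("DOMAIN\\WS01$", 1, 120), ("DOMAIN\\SRV02$", 600, 6)):
        for i in range(count):
            t = base + timedelta(seconds=step * i)
            rows += [(t, event_id, account) for event_id in (576, 540, 538)]
    return rows

if __name__ == "__main__":
    print(flag_machine_logon_floods(sample_records()))
```

Flagging on rate per account separates the once-a-second flood from the routine machine authentication that the same three event IDs record at a low rate.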