Re: Event ID 577 & 578 are filling Security Event Logs

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/28/05

• Next message: Steven L Umbach: "Re: Security Log Help"
• Previous message: ltang7_at_yahoo.com: "Microsoft CA vs other CA"
• In reply to: timcapp: "Event ID 577 & 578 are filling Security Event Logs"
• Next in thread: Roger Abell: "Re: Event ID 577 & 578 are filling Security Event Logs"
• Reply: Roger Abell: "Re: Event ID 577 & 578 are filling Security Event Logs"
• Reply: timcapp: "Re: Event ID 577 & 578 are filling Security Event Logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 27 Apr 2005 18:51:28 -0500

Privilege use will generate a ton of events in the security log. Review your
policy to see if you can possibly audit only failures instead of success and
failure. If that is not possible you will need to increase the size of the
security logs substantially. I know of no other workaround. -- Steve

"timcapp" <timothy.cappiello@gd-ais.com> wrote in message
news:1114627448.748559.303680@g14g2000cwa.googlegroups.com...
> We have quite a few windows 2000 SP4 systems running that are
> continually logging event ID 577 and 578 to the Security Event log . I
> understand that a workaround to this is to turn off the privilege use
> auditing policy, but this is not possible due to security requirements.
> Is anyone aware of a workaround/patch to resolve this issue? It is
> causing the event logs to grow to an unmanageable size.
>
> Thanks
> Tim
>

• Next message: Steven L Umbach: "Re: Security Log Help"
• Previous message: ltang7_at_yahoo.com: "Microsoft CA vs other CA"
• In reply to: timcapp: "Event ID 577 & 578 are filling Security Event Logs"
• Next in thread: Roger Abell: "Re: Event ID 577 & 578 are filling Security Event Logs"
• Reply: Roger Abell: "Re: Event ID 577 & 578 are filling Security Event Logs"
• Reply: timcapp: "Re: Event ID 577 & 578 are filling Security Event Logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Losing access to a shared folder ... I see no failures in the security log. ... Both shares are on the same file server. ... domain controllers as preferred and secondary dens servers. ... (microsoft.public.windowsxp.security_admin) Re: trace user logons ... Check to see what the "Effective Setting" is under the "Audit Policy" on one ... of your servers or workstations. ... i had several of the local audit policies enabled under Domain ... I've checked the filter on the security log, and it is set to show ... (microsoft.public.windows.server.security) Re: GPO OBJECT ACCESS ... With the computer in your OU and when you run gpresult on that computer it ... Another thing to consider is that by default the security log ... I would also check the Local Security Policy on the computer you put into ... what is going on with Group Policy for a certain computer/user/OU/GPO. ... (microsoft.public.win2000.group_policy) How do I read the Security Log ... Enable Auditing for Logon Events and Object Access ... This logs events in the security log informing you if IKE ... Using the Group Policy MMC snap-in, ... Enable success and failure auditing for "Audit logon ... (microsoft.public.win2000.security) Re: Bug check: 0x000000d1 (0x77f68b33, 0x000000ff, 0x00000000, 0x77f68b33) ... Only one renamed Admiinstrator account. ... > [System Log] PM 07:48:13 ... > [Security Log] PM 07:48:13 ... > Audit Policy Change: ... (microsoft.public.windows.server.general)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint