too many logon/logoff events in security log
From: microsoft newsgroup (news_register_at_yahoo.com.hk)
Date: 11/25/04
- Previous message: Robert Paris: "Win 2k Security Questions"
- Next in thread: Trevor: "Re: too many logon/logoff events in security log"
- Reply: Trevor: "Re: too many logon/logoff events in security log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Nov 2004 11:51:55 +0800
Hi, all,
I turn on the audit policy to monitor the logon/logoff envents in security
log. However, there is too many logon/logoff events, average 3 times per
minute. sometimes the logon/logoff by systems user, sometimes by
administrators. I have not idea to troubleshoot this event. I capture the
logs detail as below:
User Logoff:
User Name: ITRA$
Domain: ITRANET0
Logon ID: (0x0,0x105A389)
Logon Type: 3
Successful Network Logon:
User Name: ITRA$
Domain: ITRANET0
Logon ID: (0x0,0xD3FD88)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {d4e327c2-d024-f080-3e0b-1d7c89e9e484}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 4644
Any idea or am I be hacked? why the source network address is the server
itself but the logon type is 3.
Thanks you very much advance!
Regards,
Trevor
- Previous message: Robert Paris: "Win 2k Security Questions"
- Next in thread: Trevor: "Re: too many logon/logoff events in security log"
- Reply: Trevor: "Re: too many logon/logoff events in security log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
