473,396 Members | 2,020 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > db2 database > questions > too many audit events in event viewer

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Too many audit events in Event Viewer

Hi Everyone,

I am looking at a lot of entries similar to the following in my
Windows 'Audit' Event viewer. They are all success events and not
failures.

The environment is:

DB2 8.2 FP 14
Windows 2003 x64

The authentication happens against Windows Active Directory Service.
The box also serves as a domain controller.

Apparently, the system is able to keep only about past 1 hours or 30
minutes worth entries only (I am assuming system is purging the older
ones to make room for the newer ones).

How can I avoid this much logging of these events, provided I don't
want to disable the native windows event viewer service/functionality.

Any help or clue would be appreciated.

Thanks & Regards,
dotyet

##################################

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/28/2007
Time: 12:37:45 PM
User: MYAPP\billy
Computer: billy1
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: S-1-5-21-40672581851-813886206-1606121121-1472
Handle ID: 101287620
Operation ID: {3,1587664882}
Process ID: 420
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: MYAPP$
Primary Domain: DOM1
Primary Logon ID: (0x0,0x3E7)
Client User Name: billy
Client Domain: DOM1
Client Logon ID: (0x3,0x5E2ERAQA)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups

Privileges: -

Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed81940-ad10-13d0-8a42-00aa036e0129}

Access Mask: 0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
############################

Sep 28 '07 #1
1 4124
Any clues..... Anybody?

rgds,
dotyet

On Sep 28, 1:08 pm, dotyet <dot...@yahoo.comwrote:
Hi Everyone,

I am looking at a lot of entries similar to the following in my
Windows 'Audit' Event viewer. They are all success events and not
failures.

The environment is:

DB2 8.2 FP 14
Windows 2003 x64

The authentication happens against Windows Active Directory Service.
The box also serves as a domain controller.

Apparently, the system is able to keep only about past 1 hours or 30
minutes worth entries only (I am assuming system is purging the older
ones to make room for the newer ones).

How can I avoid this much logging of these events, provided I don't
want to disable the native windows event viewer service/functionality.

Any help or clue would be appreciated.

Thanks & Regards,
dotyet

##################################

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/28/2007
Time: 12:37:45 PM
User: MYAPP\billy
Computer: billy1
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: S-1-5-21-40672581851-813886206-1606121121-1472
Handle ID: 101287620
Operation ID: {3,1587664882}
Process ID: 420
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: MYAPP$
Primary Domain: DOM1
Primary Logon ID: (0x0,0x3E7)
Client User Name: billy
Client Domain: DOM1
Client Logon ID: (0x3,0x5E2ERAQA)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups

Privileges: -

Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed81940-ad10-13d0-8a42-00aa036e0129}

Access Mask: 0

For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.

############################

Oct 5 '07 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Event Log Collector - for the Event Viewer - to collect events into a database - How to?
by: Virgo_guy | last post by:
Hi I am perplexed, I feel hopeless, I hope that someone can help me with a problem. I have Visual Basic .NET I want to develop an Event Collector. That will collect all events from the Local...
Visual Basic 4 / 5 / 6
6
email notification, when database updated?
by: Raphael Gluck | last post by:
Hi, Is it possible for one to program one's pages as such that when a database table is updated over the web, via a form, that an e-mail confirmation is sent to a specified address, notifying...
ASP / Active Server Pages
2
Is there an easy way to monitor (audit) who logs onto a database ??
by: Wood Butcher | last post by:
Is there an easy way to monitor (audit) who logs onto a database ?? Thanks for any and all help that is provided. Art
Microsoft SQL Server
0
ASPNET Account generates Failed Audit
by: Rod Kestler | last post by:
After applying the KB Automatic Update #833987 (JPEG Security Issue), our development server suddenly will not allow any IIS 6.0 App Pool running with identity set to ASPNET to run. The Event...
.NET Framework
6
SQL Login audit log
by: kai | last post by:
Hi, All I use SQL Server 2000 and Win 2003 Server. I try to create a SQL Server Login audit log using Profiler, but cannot find the tools. I looked at the Windows Event Viewer, it only logs...
Microsoft SQL Server
1
Scoping out the size needed for running DB2 audit facility
by: Byrocat | last post by:
We're going to be enabling the audit facility on some of our DB2 servers in the future, and I need some basic information on how large I can expect the log to grow. I've already been warning NOT...
DB2 Database
2
What permission set is required for adding events to Event Viewer?
by: Ken Varn | last post by:
I need to pragmatically add events to the Win2K Event Viewer from my ASP.NET web application. What user rights are required for this? I have tried to assign "act as part of the operating system",...
ASP.NET
7
Trap Events in a specific object...
by: Thorbjørn Jørgensen | last post by:
Hi I am currently creating a WLAN simulation problem and have encountered a problem... I have two classes (Channel and RadioLayer), and for instance create the following objects: Channel...
C# / C Sharp
6
Add Audit Trail to Table Modification
by: philmgron | last post by:
Hello I have been hitting my head against the wall on this problem for a day now. I have a simple table that stores cities, on of the fields on the table is modified_by. I am trying to write the...
Microsoft Access / VBA
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!