
Too many audit events in Event Viewer

Hi Everyone,

I am looking at a lot of entries similar to the following in my
Windows 'Audit' Event viewer. They are all success events and not
failures.

The environment is:

DB2 8.2 FP 14
Windows 2003 x64

The authentication happens against Windows Active Directory Service.
The box also serves as a domain controller.

Apparently, the system is able to keep only about the past 1 hours or 30
minutes' worth of entries (I am assuming the system is purging the older
ones to make room for the newer ones).

How can I avoid this much logging of these events, provided I don't
want to disable the native Windows event viewer service/functionality?

Any help or clue would be appreciated.

Thanks & Regards,
dotyet

##################################

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/28/2007
Time: 12:37:45 PM
User: MYAPP\billy
Computer: billy1
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: S-1-5-21-40672581851-813886206-1606121121-1472
Handle ID: 101287620
Operation ID: {3,1587664882}
Process ID: 420
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: MYAPP$
Primary Domain: DOM1
Primary Logon ID: (0x0,0x3E7)
Client User Name: billy
Client Domain: DOM1
Client Logon ID: (0x3,0x5E2ERAQA)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups

Privileges: -

Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed81940-ad10-13d0-8a42-00aa036e0129}

Access Mask: 0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
############################

Sep 28 '07 #1
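
To see which combination of event ID, category, object type and client account accounts for the volume described in the question, events exported as text can be tallied. This is an added example, not part of the thread: the sample events are constructed in the layout of the event above, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: three trimmed events in the Event Viewer text layout,
# separated by rows of '#' as in the post.
SAMPLE = """\
Event Category: Directory Service Access
Event ID: 565
Object Type: SAM_USER
Client User Name: billy
Accesses: DELETE
READ_CONTROL
ListGroups

Privileges: -
##########
Event Category: Directory Service Access
Event ID: 565
Object Type: SAM_USER
Client User Name: billy
Accesses: ReadAccount
##########
Event Category: Directory Service Access
Event ID: 565
Object Type: SAM_GROUP
Client User Name: user_constructed
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")
KEYS = ("Event ID", "Event Category", "Object Type", "Client User Name")

def parse_events(text):
    """Split on '#' rows; read 'Name: value' fields and the multi-line Accesses list."""
    events = []
    for chunk in re.split(r"(?m)^#{5,}[ \t]*$", text):
        event, last = {}, None
        for line in chunk.splitlines():
            m = FIELD.match(line)
            if m:
                last, event[m.group(1)] = m.group(1), m.group(2).strip()
            elif not line.strip():
                last = None                      # a blank line ends a continued field
            elif last == "Accesses":
                event[last] += "\n" + line.strip()
        if "Event ID" in event:
            event["Accesses"] = [a for a in event.get("Accesses", "").split("\n") if a]
            events.append(event)
    return events

def noisiest(events, keys=KEYS):
    """Count events per field combination, most frequent first."""
    return Counter(tuple(e.get(k, "-") for k in keys) for e in events).most_common()
```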


Any clues..... Anybody?

rgds,
dotyet

Oct 5 '07 #2
