dbTalk Databases Forums  

Too many audit events in Event Viewer

Go Back dbTalk Databases Forums Databases comp.databases.ibm-db2 Too many audit events in Event Viewer

comp.databases.ibm-db2 comp.databases.ibm-db2


Discuss Too many audit events in Event Viewer in the comp.databases.ibm-db2 forum.



Reply
 
Thread Tools Display Modes
  #1  
Old   
dotyet
 
Posts: n/a

Default Too many audit events in Event Viewer - 09-28-2007 , 12:08 PM





Hi Everyone,

I am looking at a lot of entries similar to the following in my
Windows 'Audit' Event viewer. They are all success events and not
failures.

The environment is:

DB2 8.2 FP 14
Windows 2003 x64

The authentication happens against Windows Active Directory Service.
The box also serves as a domain controller.

Apparently, the system is able to keep only about past 1 hours or 30
minutes worth entries only (I am assuming system is purging the older
ones to make room for the newer ones).

How can I avoid this much logging of these events, provided I don't
want to disable the native windows event viewer service/functionality.

Any help or clue would be appreciated.

Thanks & Regards,
dotyet

##################################

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/28/2007
Time: 12:37:45 PM
User: MYAPP\billy
Computer: billy1
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: S-1-5-21-40672581851-813886206-1606121121-1472
Handle ID: 101287620
Operation ID: {3,1587664882}
Process ID: 420
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: MYAPP$
Primary Domain: DOM1
Primary Logon ID: (0x0,0x3E7)
Client User Name: billy
Client Domain: DOM1
Client Logon ID: (0x3,0x5E2ERAQA)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups

Privileges: -

Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed81940-ad10-13d0-8a42-00aa036e0129}

Access Mask: 0


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


############################


Reply With Quote
  #2  
Old   
dotyet
 
Posts: n/a

Default Re: Too many audit events in Event Viewer - 10-05-2007 , 09:10 AM





Any clues..... Anybody?

rgds,
dotyet

On Sep 28, 1:08 pm, dotyet <dot... (AT) yahoo (DOT) com> wrote:
Quote:
Hi Everyone,

I am looking at a lot of entries similar to the following in my
Windows 'Audit' Event viewer. They are all success events and not
failures.

The environment is:

DB2 8.2 FP 14
Windows 2003 x64

The authentication happens against Windows Active Directory Service.
The box also serves as a domain controller.

Apparently, the system is able to keep only about past 1 hours or 30
minutes worth entries only (I am assuming system is purging the older
ones to make room for the newer ones).

How can I avoid this much logging of these events, provided I don't
want to disable the native windows event viewer service/functionality.

Any help or clue would be appreciated.

Thanks & Regards,
dotyet

##################################

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/28/2007
Time: 12:37:45 PM
User: MYAPP\billy
Computer: billy1
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: S-1-5-21-40672581851-813886206-1606121121-1472
Handle ID: 101287620
Operation ID: {3,1587664882}
Process ID: 420
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: MYAPP$
Primary Domain: DOM1
Primary Logon ID: (0x0,0x3E7)
Client User Name: billy
Client Domain: DOM1
Client Logon ID: (0x3,0x5E2ERAQA)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups

Privileges: -

Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed81940-ad10-13d0-8a42-00aa036e0129}

Access Mask: 0

For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.

############################



Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top