Security event log entries

Morphius143 -> Security event log entries (8.May2008 2:10:03 AM)

Hello All

We have a slight problem whereby the security event log on some of our monitored servers is filling up with logon/logoff events related to the service account GFI uses. It appears to be doing this 50 times a second (give or take) for an hour or two. Checking the last updated times on the GFI checks doesn't show anything for these servers being checked.

We are monitoring approx 250 servers but only some have this problem and it appears to be the ones which are checking things other than Pings (e.g. RAID errors, Windows updates etc).

The service account we are using is listed as a Local Administrator. Rather than changing our Audit policy I was wondering if there is another reason for this? I have attached the event log entry below.


Successful Network Logon:
User Name: ~svc-gfi
Domain: INT
Logon ID: (0x0,0x28B22EB3)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {09300a49-a816-9128-dbb0-30f42676d6f9}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: ***.**.***.**
Source Port: 0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Thanks for any suggestions!




Morphius143 -> RE: Security event log entries (14.May2008 2:37:34 AM)

Update: By the process of elimination it would seem that the "Single bit memory error" check for the event log is the one which is causing this problem. I am going to be testing a few other checks, but thought this might help if anyone has any ideas as I am fresh out.




m.vdlinden -> RE: Security event log entries (3.Jun.2008 6:31:32 AM)

In order to monitor things other than ICMP thingies, it is necessary for GFI to log on.

I think it is not possible to do this otherwise.

So the only solution is to edit the audit policy.

Correct me if I'm wrong.
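
To measure which account and source host produce a burst like the one described in this thread, the following added example (not code from any poster or from GFI) tallies Logon Type 3 entries per second from exported events. The `(timestamp, description)` input shape, the threshold, the user `jsmith` and the 192.0.2.x addresses are assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime

def parse_fields(description):
    """Turn the 'Name: value' lines of an event description into a dict."""
    fields = {}
    for line in description.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def logon_bursts(events, threshold=20):
    """events: iterable of (datetime, description text).
    Returns {(domain, user, source): peak Logon Type 3 count in any one second}
    for every account/source pair whose peak reaches the threshold."""
    per_second = Counter()
    for when, description in events:
        if not description.lstrip().startswith("Successful Network Logon"):
            continue
        f = parse_fields(description)
        if f.get("Logon Type") != "3":
            continue
        key = (f.get("Domain", ""), f.get("User Name", ""),
               f.get("Source Network Address", ""))
        per_second[(key, when.replace(microsecond=0))] += 1
    peaks = {}
    for (key, _second), count in per_second.items():
        peaks[key] = max(peaks.get(key, 0), count)
    return {k: v for k, v in peaks.items() if v >= threshold}

# Constructed sample data (not real logs): field layout copied from the entry
# in the thread, addresses from the 192.0.2.0/24 documentation range.
TEMPLATE = """Successful Network Logon:
User Name: {user}
Domain: INT
Logon Type: {ltype}
Logon Process: Kerberos
Source Network Address: {src}
Source Port: 0"""

def entry(user, src, ltype="3"):
    return TEMPLATE.format(user=user, src=src, ltype=ltype)

T0 = datetime(2008, 5, 8, 2, 10, 3)
SAMPLE = ([(T0, entry("~svc-gfi", "192.0.2.10"))] * 50      # monitoring burst
          + [(T0, entry("jsmith", "192.0.2.77"))] * 3        # normal activity
          + [(T0, entry("~svc-gfi", "192.0.2.10", "2"))])    # not a network logon

if __name__ == "__main__":
    for (domain, user, src), peak in logon_bursts(SAMPLE).items():
        print(f"{domain}\\{user} from {src}: {peak} network logons in one second")
```

Grouping by source address as well as account shows whether the burst comes only from the monitoring host, which is what separates a noisy check from the same account being used elsewhere.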



