Link to home
Create AccountLog in
Avatar of TPBPIT
TPBPIT

asked on

What does this Event Refer too, and how do I stop it?

I have a Windowns 2003 server running 2 network monitoring tools.  IpSwitch Watsup gold and HP System Insight Manager 5.1.  

On that box, I am getting the following events over and over and over in the security events log.  From what I've been able to dig up on the internet about this Event, it's simply a successful logon/logoff.  so I don't understand why it's in my event log over and over and over.  
---------------------------------------------------------------------------------------------
Logon attempt using explicit credentials:
 Logged on user:
       User Name:      BRMONITOR$
       Domain:            TP
       Logon ID:            (0x0,0x3E7)
       Logon GUID:      {3f6c6fcc-00db-06f5-ddc5-9d80e26e1c60}
 User whose credentials were used:
       Target User Name:      administrator
       Target Domain:      TP.TPBP.COM
       Target Logon GUID: -

 Target Server Name:      brnav.tp.tpbp.com
 Target Server Info:      RPCSS/brnav.tp.tpbp.com
 Caller Process ID:      472
 Source Network Address:      -
 Source Port:      -
------------------------------------------------------------------------

Logon attempt using explicit credentials:
 Logged on user:
       User Name:      BRMONITOR$
       Domain:            TP
       Logon ID:            (0x0,0x3E7)
       Logon GUID:      {6490d67b-9992-290e-ede5-1507f76854d3}
 User whose credentials were used:
       Target User Name:      administrator
       Target Domain:      tp
       Target Logon GUID: -

 Target Server Name:      brmail.tp.tpbp.com
 Target Server Info:      brmail.tp.tpbp.com
 Caller Process ID:      2796
 Source Network Address:      -
 Source Port:      -
---------------------------------------------------------------------------
Logon attempt using explicit credentials:
 Logged on user:
       User Name:      BRMONITOR$
       Domain:            TP
       Logon ID:            (0x0,0x3E7)
       Logon GUID:      {6490d67b-9992-290e-ede5-1507f76854d3}
 User whose credentials were used:
       Target User Name:      administrator
       Target Domain:      tp
       Target Logon GUID: -

 Target Server Name:      brfax.tp.tpbp.com
 Target Server Info:      brfax.tp.tpbp.com
 Caller Process ID:      2796
 Source Network Address:      -
 Source Port:      -
------------------------------------------------------------------------------
Can someone please shed some light on this for me?  

I appreciate thje help in advance.

Brandon Pembo
ASKER CERTIFIED SOLUTION
Avatar of shniz123
shniz123
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
It just looks like a service account running on a local computer.  You could always look for the BRMONITOR account in AD and investigate.
Avatar of TPBPIT
TPBPIT

ASKER

I was able to kill one of the monitoring software pieces and the Events stopped lgging.  So I'm going to take this up with IpSwitch's technical department.  Thanks for pointing me in the right direction here.  

and I think this could be stopped by editing the global poliy on the domain to stop logging successful audits.  But my boss doesn't want to edit that policy.  We need it for our citrix solution.

thank you very much for your time and thoughts.

Brandon