Solved

Security log filling up

Posted on 2013-01-15
Last Modified: 2015-06-23
My Server 2008 R2 security log is filling up with over 6000 5145 and 5156 events every 30 seconds. What is happening?
0
Question by:daveschultz7777
7 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 38781209
If I am reading this correctly, this is in the Event Viewer.

What does your Event Viewer show when you open these up?

That is where I would start.

HTH,

Kent
0
 

Author Comment

by:daveschultz7777
ID: 38781230
Closer examination of the log shows 3 users (out of 35) are creating all the 5145 events. The 5145 events (Detailed File share) are followed by 5156 events (Filtering Platform Connection).
I don't know if they are related to each other. I suspect some virus activity may be causing the 5145 events. I won't know until tomorrow when I can get onsite.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38781234
It looks like someone is accessing a network share continuously and it's taking so much RAM and processor that it's causing registry problems.

Are you being hit by a virus from inside? Or possibly an app that is stuck in a loop?

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5145
0

 

Accepted Solution

by:
daveschultz7777 earned 0 total points
ID: 38787009
I found the computer causing the problem. Removed it from the network and everything returned to normal. It had a virus and is being cleaned.
0
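
The thread narrows the flood down to a few accounts and then to one computer. One way to do that tally on the server, as an added example that is not part of the original thread: it assumes the standard EventData field names Windows records for 5145 and 5156 (IpAddress, SubjectUserName, ShareName, RelativeTargetName, SourceAddress, DestAddress, DestPort, Application), and the 20000-event sample size is an arbitrary choice.

```powershell
# Added example: tally recent 5145/5156 events by origin to find the noisy host.
# Run in an elevated PowerShell session on the affected server (PowerShell 2.0 compatible).
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'
    Id      = 5145, 5156
} -MaxEvents 20000 -ErrorAction Stop   # newest events first; cap is an assumed sample size

$rows = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> pairs into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($e.Id -eq 5145) {
        # Detailed File Share: who touched which share path, and from where.
        New-Object psobject -Property @{
            EventId = 5145
            Source  = $data['IpAddress']
            Account = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Target  = '{0}\{1}' -f $data['ShareName'], $data['RelativeTargetName']
        }
    } else {
        # Filtering Platform Connection: keep both endpoints and the local application.
        New-Object psobject -Property @{
            EventId = 5156
            Source  = $data['SourceAddress']
            Account = ''
            Target  = '{0}:{1} ({2})' -f $data['DestAddress'], $data['DestPort'], $data['Application']
        }
    }
}

# Which client address / account pairs generate the share-access events?
$rows | Where-Object { $_.EventId -eq 5145 } |
    Group-Object Source, Account | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

# Which share paths are being hit most often?
$rows | Where-Object { $_.EventId -eq 5145 } |
    Group-Object Target | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

# Do the 5156 connections involve the same addresses as the 5145 events?
$rows | Where-Object { $_.EventId -eq 5156 } |
    Group-Object Source, Target | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

A single address at the top of the first and third tables is the machine to isolate and inspect.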
 

Expert Comment

by:lanzone
ID: 38835483
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845593
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Question has a verified solution.