Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Security log filling up

Posted on 2013-01-15
7
Medium Priority
?
153 Views
Last Modified: 2015-06-23
My server 2008r2 security log is filling up with over 6000 5145 and 5156 events every 30 seconds. What is happening?
0
Comment
Question by:daveschultz7777
6 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 38781209
If am reading this correctly, this is in the Event Viewer..

What does your Event Viewer show when you open these up?

That is where I would start.

HTH,

Kent
0
 

Author Comment

by:daveschultz7777
ID: 38781230
Closer examination of the log shows 3 users (out of 35) are creating all the 5145 events. The 5145 events (Detailed File share) are followed by 5156 events (Filtering Platform Connection).
I don't know if they are related to each other. I suspect some virus activity may be causing the 5145 events. I won't know until tomorrow when I can get onsite.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38781234
It looks like someone is accessing a network share continously and it's taking so much ram and processor that it's causing registry problems.

Are you being hit by an virus from inside? or possibly an app that is stuck in a loop?

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5145
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Accepted Solution

by:
daveschultz7777 earned 0 total points
ID: 38787009
I found the computer causing the the problem. Removed it from the network and everything returned to normal. It had a virus and is being cleaned.
0
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40845593
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question