Improve company productivity with a Business Account.Sign Up

x
?
Solved

Security log filling up

Posted on 2013-01-15
7
Medium Priority
?
163 Views
Last Modified: 2015-06-23
My server 2008r2 security log is filling up with over 6000 5145 and 5156 events every 30 seconds. What is happening?
0
Comment
Question by:daveschultz7777
6 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 38781209
If am reading this correctly, this is in the Event Viewer..

What does your Event Viewer show when you open these up?

That is where I would start.

HTH,

Kent
0
 

Author Comment

by:daveschultz7777
ID: 38781230
Closer examination of the log shows 3 users (out of 35) are creating all the 5145 events. The 5145 events (Detailed File share) are followed by 5156 events (Filtering Platform Connection).
I don't know if they are related to each other. I suspect some virus activity may be causing the 5145 events. I won't know until tomorrow when I can get onsite.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38781234
It looks like someone is accessing a network share continously and it's taking so much ram and processor that it's causing registry problems.

Are you being hit by an virus from inside? or possibly an app that is stuck in a loop?

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5145
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Accepted Solution

by:
daveschultz7777 earned 0 total points
ID: 38787009
I found the computer causing the the problem. Removed it from the network and everything returned to normal. It had a virus and is being cleaned.
0
 
LVL 37

Expert Comment

by:Seth Simmons
ID: 40845593
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question