Solved

Security log filling up

Posted on 2013-01-15
7
120 Views
Last Modified: 2015-06-23
My server 2008r2 security log is filling up with over 6000 5145 and 5156 events every 30 seconds. What is happening?
0
Comment
Question by:daveschultz7777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 38781209
If am reading this correctly, this is in the Event Viewer..

What does your Event Viewer show when you open these up?

That is where I would start.

HTH,

Kent
0
 

Author Comment

by:daveschultz7777
ID: 38781230
Closer examination of the log shows 3 users (out of 35) are creating all the 5145 events. The 5145 events (Detailed File share) are followed by 5156 events (Filtering Platform Connection).
I don't know if they are related to each other. I suspect some virus activity may be causing the 5145 events. I won't know until tomorrow when I can get onsite.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38781234
It looks like someone is accessing a network share continously and it's taking so much ram and processor that it's causing registry problems.

Are you being hit by an virus from inside? or possibly an app that is stuck in a loop?

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5145
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Accepted Solution

by:
daveschultz7777 earned 0 total points
ID: 38787009
I found the computer causing the the problem. Removed it from the network and everything returned to normal. It had a virus and is being cleaned.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40845593
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question