
Server 2008 R2: Filtering out a specific event from being logged in the Security log?

Posted on 2016-10-19
Last Modified: 2016-10-25
I enabled audit access on a file server by following the instructions here: https://blogs.technet.microsoft.com/mspfe/2013/08/26/auditing-file-access-on-file-servers/

It has worked very well. The only issue is that we have a file sync process running on the server which is constantly reading many files. The activity from this process is populating the logs extremely quickly to the point that it is generating several 300MB log files a day.
If just this one software was not included, the logs would not grow so quickly.

How can I configure it so Windows will not log the events started from this one process?
Question by:SeeDk
6 Comments
 
LVL 56

Expert Comment

by:McKnife
ID: 41850660
You can set up auditing for certain user groups. Only audit groups that don't contain the account that you use for your sync process.
0
 

Author Comment

by:SeeDk
ID: 41851903
We have been using the domain admin account for the sync process. And it is one of the accounts we want to monitor given the level of access it has.
There is no way to filter by process or file name? The process is started by a batch file, can that file be filtered out from logging?
1
 
LVL 56

Expert Comment

by:McKnife
ID: 41851910
Wait, you use the domain admin for a simple sync? Don't. Use another account, think of the least privilege principle. Other accounts can be granted the permissions needed for this task easily.
0

 

Author Comment

by:SeeDk
ID: 41851948
I guess it was the easiest way to set it up back when it was done.
It should be simple to change.
So after I create an account just for this process, where do I find the option to edit out this account?
0
 
LVL 56

Accepted Solution

by:
McKnife earned 2000 total points
ID: 41852363
"edit out"? What do you mean? I cannot advise how to handle your (unknown) sync software.
The plan is to edit the audit policies so that not everyone is audited. So that new account you switch to for the sync should not be part of the groups that you audit. If at this time you audit the "everyone" group, this obviously needs to be changed.
0
 

Author Comment

by:SeeDk
ID: 41852418
Thanks, I get it now. Yeah, I only meant changing the group that is audited, nothing about the sync software.
I have it set as "Everyone" so I need to change this.
0
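One way to carry out the change described in the accepted solution, as an added example that is not code from the thread: it replaces each explicit "Everyone" audit entry on the audited folder with the same entry for a group that does not contain the sync account. The folder path and group name are assumed placeholders.

```powershell
# Added example. Run in an elevated session; reading and writing the SACL
# requires the "Manage auditing and security log" user right.
# Assumed placeholder names: adjust to your environment.
$Path       = 'D:\Shares\Data'          # audited folder (assumed)
$AuditGroup = 'CONTOSO\Audited-Users'   # group without the sync account (assumed)

$everyoneSid = 'S-1-1-0'                # well-known SID for Everyone
$sidType     = [System.Security.Principal.SecurityIdentifier]
$group       = New-Object System.Security.Principal.NTAccount($AuditGroup)

# Fail early if the group name does not resolve, before touching the SACL.
$null = $group.Translate($sidType)

$acl = Get-Acl -Path $Path -Audit

# Explicit (non-inherited) audit entries only; inherited entries must be
# changed on the parent folder where they are defined.
$rules = @($acl.GetAuditRules($true, $false, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $everyoneSid })

if ($rules.Count -eq 0) {
    Write-Warning "No explicit audit entry for Everyone on $Path"
    return
}

foreach ($old in $rules) {
    # Same rights, inheritance and success/failure flags, new principal.
    $new = New-Object System.Security.AccessControl.FileSystemAuditRule($group,
        $old.FileSystemRights, $old.InheritanceFlags,
        $old.PropagationFlags, $old.AuditFlags)
    $acl.RemoveAuditRuleSpecific($old)
    $acl.AddAuditRule($new)
}

Set-Acl -Path $Path -AclObject $acl

# Show the resulting SACL for review.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```

The audit group still has to contain every account whose file access should be logged, including the privileged accounts the asker wants to keep monitoring.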


Question has a verified solution.
