Register

Forgot Password

Site FAQ

Home > IT Answers > Networking > Everyday Security log become full and user ca...

aliyani

265 pts.

Everyday Security log become full and user can't logon...........

Networking, Security, Network monitoring, Performance management, Microsoft Windows

Hi,
Sometimes in some of computers in my domain when I check their eventlog I see some events about other users logon in their security log like bellow:
-------------
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 2006/09/27
Time: 10:09:32 ?.?
User: S-1-5-21-727744907-765012080-2873131892-1146
Computer: COMPUTER-25
Description:
User Logoff:
User Name: bahra-f
Domain: itdomain
Logon ID: (0x0,0x1F256B)
Logon Type: 3

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-----------
That the Computer-25 is the name of computer and bahra-f is the username of other user in the domain thet can't logon on this computer.
What's the meaning of this security message log?
In my domain everybody can logon just on her or his computer and all of them is winxp pro sp2 and the domain OS is Win server 2003 R2.
Now for some of users everyday the security log become full and they can't logon and I should clear their logs.
Could you please help me!!!???
Thank you.
-----
Regards
Mahnaz

ASKED: Oct 9, 2006 5:28 AM GMT

UPDATED: October 10, 2006 3:46:40 PM GMT

RELATED QUESTIONS

petroleumman

0 pts.

Answer Wiki:

Hello,

A Logon Type 3 event is generated most commonly when a user logs on to a remote computer on a network for such purposes as to access a shared file or folder which is available on that computer. It can also be triggered by IIS logons if IIS is running on this computer. Have you noted any event ID #528 (successful logon) with a logon type 2 in your security logs? Logon type 2 indicates an interactive logon which occurs when a user logs on to a computer from the console.

Hope that helps!

Good luck!

Last Wiki Answer Submitted: Oct 9, 2006 8:44 AM (GMT) by petroleumman

0 pts.

To see other answers submitted to the Answer Wiki View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Oct 9, 2006 2:48 PM (GMT)

Why don’t you just set the logs to overwrite events as needed?
If you right click on the log and chose properties, you can set the maximum log size larger and tell it to “Overwrite events as needed”. I you do this, the logs won’t overflow.
rt

astronomer

0 pts.

POSTED: Oct 10, 2006 3:46 PM (GMT)

As was already stated, you should just set a group policy to set the security event logs on all these PCs to “overwrite events as needed”. Another option worth considering is the “prohibit logon if security log full” option- turn it off.

There’s no need to kill yourself with trying to catch people logging on and off the local PC when the domain controllers will log any logon/logoff to the domain anyways.

I would set the event log size and remote the restriction to prohibit logon if sec log is full with group policy as stated above.

You might consider getting a security event log management software like manage engine’s event log analyzer http://manageengine.adventnet.com/products/eventlog/index.html
(free for up to 5 hosts) to record all of the domain controller security logs to catch who is doing what.

PDMeat

0 pts.

Ask a Question

Browse IT Answers by Topic

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2012, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags