
Thread: Security event log flooded with 540/438 eventids when querying with LogParser

Last post 11-20-2008 11:43 AM by Dauhee. 0 replies.


  • 11-20-2008, 11:43 AM

    • Dauhee
    • Not Ranked
    • Joined on 11-20-2008, 11:38 AM
    • Posts 1

    Security event log flooded with 540/438 eventids when querying with LogParser

     Hi all,

     

    When querying event logs with COMEventLogInputContextClassClass, the security eventlog gets flooded with logon/off event IDs. For example, if querying the Application log on Machine X, it appears there is a logon/off put into the Security log for every record pulled out of the Application log:

     Successful Network Logon:
         User Name:    xxx
         Domain:        xxx
         Logon ID:        (0x0,0x82461027)
         Logon Type:    3
         Logon Process:    NtLmSsp
         Authentication Package:    NTLM
         Workstation Name:    yyy

    User Logoff:
         User Name:    xxx
         Domain:        xxx
         Logon ID:        (0x0,0x82461027)
         Logon Type:    3
     

    I've tried a number of things but it's driving me crazy! Any help would be much appreciated!

    Dauhee.
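
One way to confirm the pattern described in the post, as an added example that is not part of the original thread: it parses event description text in the layout quoted above, pairs each network logon with the logoff sharing its Logon ID, and counts pairs per user and workstation. The function names and all sample values (user, domain, workstations, Logon IDs) are constructed for illustration.

```python
import re
from collections import Counter

HEADER = re.compile(r"^(Successful Network Logon|User Logoff):$")
FIELD = re.compile(r"^\s+([A-Za-z ]+):\s*(.*\S)\s*$")

def parse_events(text):
    """Split event description text into one dict per event."""
    events, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line.strip())
        if head:
            cur = {"kind": head.group(1)}
            events.append(cur)
        elif cur is not None and (field := FIELD.match(line)):
            cur[field.group(1).strip()] = field.group(2)
    return events

def pair_sessions(events):
    """Count logon/logoff pairs that share a Logon ID, grouped by source."""
    open_logons, pairs = {}, Counter()
    for ev in events:
        lid = ev.get("Logon ID")
        if ev["kind"] == "Successful Network Logon":
            open_logons[lid] = ev
        elif lid in open_logons:
            on = open_logons.pop(lid)
            pairs[(on.get("User Name"), on.get("Workstation Name"),
                   on.get("Authentication Package"), on.get("Logon Type"))] += 1
    return pairs, list(open_logons.values())

def make_sample(lid, workstation, with_logoff=True):
    """Constructed event text in the layout quoted in the post (values made up)."""
    common = (f"     User Name:    reader\n     Domain:        EXAMPLE\n"
              f"     Logon ID:        (0x0,{lid})\n     Logon Type:    3\n")
    text = ("Successful Network Logon:\n" + common +
            "     Logon Process:    NtLmSsp\n"
            "     Authentication Package:    NTLM\n"
            f"     Workstation Name:    {workstation}\n\n")
    if with_logoff:
        text += "User Logoff:\n" + common + "\n"
    return text

SAMPLE = "".join(make_sample(f"0x1A0{i}", "COLLECTOR01") for i in (1, 2, 3)) \
         + make_sample("0x2B01", "DESKTOP07", with_logoff=False)

if __name__ == "__main__":
    pairs, unmatched = pair_sessions(parse_events(SAMPLE))
    print(dict(pairs), len(unmatched), "logon(s) without a logoff")
```

A single user and workstation accounting for nearly all paired sessions, with a pair count close to the number of records read, matches the one-logon-per-record behaviour the post describes.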
