That's exactly what I would have thought - I would check both the audit policy as well as the audit settings under the advanced security settings for the directory in question to see what is being audited. Incorrect audit settings can generate massive amounts of events.
Thanks, James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services ________________________________ From: Turner, Robert D. Jr [mailto:[EMAIL PROTECTED] Posted At: Friday, June 20, 2008 4:28 AM Posted To: AD Issues Conversation: Rg Security Logs Subject: RE: Rg Security Logs Are you sure all servers have auditing set the same way? Maybe the one with all the events is auditing more than the others. Bob ________________________________ From: Jon Harris [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2008 6:22 AM To: Active Directory Admin Issues Subject: Re: Rg Security Logs ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute and delete the original message. Please notify the sender by E-Mail at the address shown. Thank you for your compliance. ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
