Do you have success logging turned on for the firewall? (Control panel, admin, 
Windows firewall..., properties of the top node...)

________________________________
From: James Rankin [[email protected]]
Sent: Wednesday, June 08, 2011 1:44 AM
To: NT System Admin Issues
Subject: Object auditing event overload

Anyone have any idea why, when I turn on "audit object access" on my Windows 
2008 R2 servers, my security logs get swamped with event ID 5156 "the Windows 
Filtering Platform has permitted a connection"? I found a reference to turning 
off audit subcategories by using this command:

    auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable

but that only works for plain 2008, not 2008 R2. Anyone know how to 
get around this, or what command I could use to disable it?


TIA,

JRR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

IMPORTANT: The information in this email is CONFIDENTIAL. If its contents are 
disclosed in any way my lawyers will swoop down from black helicopters like 
Seal Team Six and drag you away with a black bag over your head. They will then 
take you to a secret prison and make you fight to the death with other people 
who dared to share this email. You will be given a large bowie knife and a 
supply of methamphetamines while I watch the said deathmatch and wager vast 
sums of money on who will be the winner. If the fight becomes boring or there 
is a stalemate, I will release rabid dogs and my two-stone cat into the arena 
to liven things up a bit. If these animals become in any way docile, I will 
squirt them with water pistols until they become a bit more temperamental.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
