Posted by Steven L Umbach on May 4, 2006, 3:40 pm
I don't know how you are seeing duplicate events because what is recorded in
the security log is what is happening on that computer. For instance, when
auditing of logon events is enabled on a computer it will show when a
computer/user attempts to access the computer either via interactive logon
or via network share such as type 3 logon. These events would not be
recorded on a domain controller. You might however see an "account logon"
event recorded on a domain controller at the same time as you see a logon
event on a domain computer because the user is authenticating to the domain
controller. You would not however see hack attempts on the domain computer
for "local" user accounts such as the built-in administrator account in the
security log of a domain controller as account logon attempts. They would
only show in the security log of the domain computer.

-- Steve
> Hello there
>
> I am shipping all the security and application event logs from servers to a
> log aggregation tool and I see some duplication of events from both the
> domain controllers and the normal machines.
> I am wondering if I even should ship the security event logs to the tool
> if I am already shipping the security events from the DCs?
>
> I have tons of duplications, anybody know?
> Any ideas? Am I missing something?
>
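An added example, not part of the original posts: a Python triage pass for a log aggregator that separates true duplicates (the same record shipped twice) from member-server logon events for local accounts, which no domain controller log contains. The event IDs use the Windows Vista/2008-and-later numbering and the field names (`host`, `record_id`, `account_domain`) are assumptions; the thread names neither.

```python
# Audit category by event ID (Vista/2008+ numbering; assumed, not from the thread).
LOGON = {4624, 4625}                      # "logon": written on the machine being accessed
ACCOUNT_LOGON = {4768, 4769, 4771, 4776}  # "account logon": written where credentials are validated


def category(event_id):
    if event_id in LOGON:
        return "logon"
    if event_id in ACCOUNT_LOGON:
        return "account_logon"
    return "other"


def triage(events, domain_controllers):
    """Return (true_duplicates, local_only_logons) from a list of shipped events."""
    seen, duplicates, local_only = set(), [], []
    for ev in events:
        # Same host and same record number means one log entry was shipped twice.
        key = (ev["host"], ev["record_id"])
        if key in seen:
            duplicates.append(ev)
            continue
        seen.add(key)
        # A logon against a machine-local account (account domain equals the host
        # name) is validated on that machine, so it never reaches a DC's log.
        if (category(ev["event_id"]) == "logon"
                and ev["host"] not in domain_controllers
                and ev["account_domain"].upper() == ev["host"].upper()):
            local_only.append(ev)
    return duplicates, local_only


# Constructed sample events (hypothetical hosts and accounts).
SAMPLE = [
    {"host": "DC01", "record_id": 1001, "event_id": 4768,
     "account": "alice", "account_domain": "CORP"},
    {"host": "SRV01", "record_id": 501, "event_id": 4624,
     "account": "alice", "account_domain": "CORP"},
    {"host": "SRV01", "record_id": 502, "event_id": 4625,
     "account": "Administrator", "account_domain": "SRV01"},
    {"host": "SRV01", "record_id": 502, "event_id": 4625,
     "account": "Administrator", "account_domain": "SRV01"},
]

if __name__ == "__main__":
    dups, local = triage(SAMPLE, {"DC01"})
    print(len(dups), "duplicate;", len(local), "local-only logon event(s)")
```

The DC01 and SRV01 events for `alice` are a correlated pair rather than duplicates, and the failed `Administrator` logon exists only in the SRV01 log.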