1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Security logging in event viewer

Discussion in 'General Security' started by crofty, May 3, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. crofty

    crofty Thread Starter

    Joined:
    Jun 10, 2004
    Messages:
    281
    Hi
    Using windows Xp pro with sp3 and all Microsoft updates.
    I have started security logging in the event viewer, as there was none. I used the site in link below to start logging.
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/els_start_security_log.mspx?mfr=true

    I have set everything to success and failure.
    In event viewer.
    The Windows Firewall has detected an application listening for incoming traffic.

    Name: -
    Path: C:\WINDOWS\system32\svchost.exe
    Process identifier: 1676
    User account: NETWORK SERVICE
    User domain: NT AUTHORITY
    Service: Yes
    RPC server: No
    IP version: IPv4
    IP protocol: UDP
    Port number: 49986
    Allowed: No
    User notified: No

    I have windows firewall turned off as i use Outpost free . just curious if this should happen with windows firewall is disabled.

    Also there has been created in start programs see attachment?

    As you may have guessed i am pretty thick, so try not to get to technical.

    Cheers
     

    Attached Files:

  2. crofty

    crofty Thread Starter

    Joined:
    Jun 10, 2004
    Messages:
    281
    I went into console 1 which was created when i started security logging. and changed properties to only success see attachment
    That has stopped any events in viewer concerning windows firewall, which was filling up with them.

    If i was to stop windows firewall in services instead of turning firewall in security centre, would that also stop any logging .

    I will now not post anymore to i get a reply.
    I will have to leave shortly, check back tomorrow.

    Also if anyone could tell me what to have running in console 1 ( see in attachment), don't know if i need them all.


    Cheers :eek:
     

    Attached Files:

  3. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,757
    I guess I'm confused as to what you are asking. If you stop the firewall in services, yes, that would stop any logging. I wouldn't recommend that unless you are on a domain or have a third party firewall in place; also, if it's the latter, you don't want to have two firewalls running at once, that can cause conflict.
     
  4. crofty

    crofty Thread Starter

    Joined:
    Jun 10, 2004
    Messages:
    281
    I have only Outpost free firewall running.
    I have windows firewall turned off through security center, even so it is turned off, in services it is still running.


    .
     
  5. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,757
    go ahead and turn off the firewall in services, that will stop it and all logging.
     
  6. crofty

    crofty Thread Starter

    Joined:
    Jun 10, 2004
    Messages:
    281
    Thanks valis


    Did you have a look at the attachment for console 1 , and if you did do you know if i need all to have success and failure, if not i will check back tomorrow and see if anyone has replied.

    Cheers and thanks for your assistance
     
  7. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,757
    no worries. :) Sorta what we are here for.

    if you are logging, then yes, you want to have both; if you have just one or the other, you will only be logging successful attempts or failed attempts. Again, however, you don't want to have dueling firewalls on a machine.
     
  8. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    I think I read somewhere that auditing 'Object Access' and 'Process Tracking' will fill up the logs pretty quick, as a lot of entries are generated. And, it might scroll away some important entries. If you intend to keep these 2 audited, adjust the log size to something big. Open up Event Viewer and right click on each log ( Application. Security, and System ) and choose Properties, in there you can set the size of the log database.
     
  9. crofty

    crofty Thread Starter

    Joined:
    Jun 10, 2004
    Messages:
    281
    Once again thanks valis, (y)
    yep i have only one firewall running.


    Thanks lunarlander(y)
    Yep the log is filling up rather quickly, will look into 'Object Access' and 'Process Tracking' .

    Cheers:)
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/920760

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice