More

Zabbix Windows Security event id 5156

By Antti Hurme 31/10/2016 No Comments 0 Min Read

Noticed in one case the Zabbix agent was spamming the Windows Security eventlog with events “filtering platform connection” of status success and event id 5156. This was especially true when disk space was low and the agent seemed to query the disk space a lot more frequently. This caused the log file to fill up even faster which helped the disk space to fill up.

To get around this, I disabled the success events from filtering platform connections while leaving the failed events on based on this technet article here.

auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
Written By

Who am I? | Linkedin

View All Articles
S
E
Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.