Windows 10: Microsoft Audit policy event viewer performance

Discussion in 'Windows 10 BSOD Crashes and Debugging' started by serhatözdemir2, Mar 5, 2021.

  1. Microsoft Audit policy event viewer performance


    Hello,


    We want to open the parameters under Audit local policy in our Windows Server systems, but we are afraid that it will bring too much load on the system side. Does it cause too much swelling on the event viewer? This situation keeps the log as 20 MB to you by default and causes too much CPU consumption in the systems. What would you recommend to take success and failure in the audit parameters?

    :)
     
    serhatözdemir2, Mar 5, 2021
    #1
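One way to answer the load question with measurements before changing any audit setting, as an added example that is not part of the thread: it reports the Security log's configured size, the time span its current contents cover, and which event IDs produce the most records. The 24-hour window and the top-15 cutoff are arbitrary choices, and it assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Reading the Security log requires elevation.
$log = Get-WinEvent -ListLog Security

# Oldest and newest record still present: the time span the current size retains.
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue
$newest = Get-WinEvent -LogName Security -MaxEvents 1 -ErrorAction SilentlyContinue
$spanHours = if ($oldest -and $newest) { ($newest.TimeCreated - $oldest.TimeCreated).TotalHours } else { 0 }

[pscustomobject]@{
    MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    CurrentSizeMB = [math]::Round($log.FileSize / 1MB, 1)
    Records       = $log.RecordCount
    LogMode       = $log.LogMode   # Circular = oldest events are overwritten when full
    SpanHours     = [math]::Round($spanHours, 1)
    EventsPerHour = if ($spanHours -gt 0) { [math]::Round($log.RecordCount / $spanHours) } else { $null }
}

# Which event IDs fill the log? Window and cutoff are arbitrary (assumptions).
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $since } `
              -ErrorAction SilentlyContinue

$events |
    Group-Object Id, @{ Expression = { $_.KeywordsDisplayNames -join ',' } } |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count,
        @{ n = 'EventId'; e = { $_.Group[0].Id } },
        @{ n = 'Result';  e = { $_.Group[0].KeywordsDisplayNames -join ',' } },  # Audit Success / Audit Failure
        @{ n = 'Task';    e = { $_.Group[0].TaskDisplayName } }                  # task category shown in Event Viewer
```

A short `SpanHours` with `LogMode` set to Circular means events are being overwritten quickly, and the top rows show which task categories account for that volume.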
  2. empleat Win User

    Disable auditing of successful events

    I want to disable auditing of successful events!

    This command worked (at least CMD said it did) Code:
    I need to check in the event log whether successful events are still being reported. Problem is: overall there are too many categories to check manually!!!
    So I ran this command: Code:
    And i got:
    System audit policy
    Category/Subcategory
    "No auditing" for all categories!

    which is strange for 2 reasons:
    - I have auditing, minimally of failure events
    - there should be now auditing only for successful events...
    Also in local security policy program, there is under local policy/audit policy no auditing!
    While in Event Viewer I have literally under: Windows logs/Security listed events with name Audit success! So auditing had to be on! And this is even stranger, in local security policy program, I have not configured under Advanced Audit Policy Configuration/System Audit Policies - Local Group Policy Object. Which should be same category as by that command I used in cmd. And I had there not configured before. Which doesn't exclude auditing, if it is configured elsewhere.

    Difference is I have, in what should be same category, no auditing, if I use that command in CMD! But in local security policy program: I have not configured. Which contradicts itself!

    Now I am confused, what is what?!
     
    empleat, Mar 5, 2021
    #2
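Instead of checking every category by hand, the audit policy in effect can be dumped as CSV, filtered, and compared with what the Security log actually recorded. This is an added example, not a command from the post; it assumes an elevated PowerShell prompt and an English-language system (the `Inclusion Setting` text is localized), and the one-hour window is arbitrary.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
# `auditpol /get /category:* /r` prints CSV with the columns:
# Machine Name, Policy Target, Subcategory, Subcategory GUID, Inclusion Setting, Exclusion Setting
function Get-EffectiveAuditPolicy {
    $raw = auditpol /get /category:* /r
    if ($LASTEXITCODE -ne 0) { throw "auditpol exited with $LASTEXITCODE (is the prompt elevated?)" }
    $raw | Where-Object { $_.Trim() } | ConvertFrom-Csv |
        Select-Object Subcategory, 'Subcategory GUID',
            @{ n = 'Success'; e = { $_.'Inclusion Setting' -match 'Success' } },
            @{ n = 'Failure'; e = { $_.'Inclusion Setting' -match 'Failure' } }
}

$policy = Get-EffectiveAuditPolicy
'{0} subcategories: {1} audit success, {2} audit failure' -f @($policy).Count,
    @($policy | Where-Object Success).Count,
    @($policy | Where-Object Failure).Count

# Only the subcategories that are still producing audit events.
$policy | Where-Object { $_.Success -or $_.Failure } | Sort-Object Subcategory

# Cross-check against the log: events written in the last hour, split by result keyword.
$since    = (Get-Date).AddHours(-1)   # arbitrary window (assumption)
$keywords = @{ 'Audit Success' = 9007199254740992; 'Audit Failure' = 4503599627370496 }
foreach ($k in $keywords.GetEnumerator()) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Keywords = $k.Value; StartTime = $since } `
                 -ErrorAction SilentlyContinue |
        Group-Object TaskDisplayName |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Result'; e = { $k.Key } }, @{ n = 'Task'; e = { $_.Name } }, Count
}
```

A task category that still appears under Audit Success while its subcategory reports `Success = False` points at events written before the change or at a policy applied from another source.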
  3. Unexpected Audit Failure in Event Viewer

    I did make some progress in that I can disable the Audit Failure from being logged with the Event Viewer.

    Go to Command Prompt (Admin) and enter:

    auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable

    Caveat: Someone posted that the Audit Failure will likely return the next day.

    Plus this is tantamount to replacing a fuse without fixing the underlying problem which is causing the fuse to blow.

    Still hoping an Event Viewer / "Filtering Platform Connection" guru will chime in.
     
    sdmike1974, Mar 5, 2021
    #3
  4. Nikhar_K Win User

    Error in Event Viewer

    Hi,

    Thank you for writing to Microsoft Community Forums.

    As you have mentioned, you have performed a repair installation on the computer and you see Event 508, 510 and 533 in Event Viewer.

    I would like to inform you that if you see any critical error in Event Viewer, please share the event logs with us to help you with the appropriate troubleshooting steps. Please follow the steps mentioned below to share the event logs:

    1. Press Windows + X from the keyboard, select Event Viewer.
    2. Expand Windows Logs from the left pane and select Applications.
    3. Click Filter Current Log from the extreme right pane. Then in the new window check the box beside Error and click OK.
    4. Now, look for a critical Error in the list and note down the message/information from the General Tab in the lower section.

    Please reply with the status of the issue, we will be glad to help you further.

    Regards,

    Nikhar Khare

    Microsoft Community - Moderator
     
    Nikhar_K, Mar 5, 2021
    #4