Security Event Logs being cleared by User=SYSTEM, Cannot dermine process

ASP Free Forums Sponsor:

November 6th, 2009, 08:07 PM

acuster69

Registered User

Join Date: Nov 2009

Posts: 1

Time spent in forums: 8 m 54 sec
Reputation Power: 0

Other - Security Event Logs being cleared by User=SYSTEM, Cannot dermine process

OK, I am dumbfounded on this one.

Our Security event logs are being cleared. This is a serious violation of out ITRM policy for obvious reasons. The event log states USER=system. Clearing always occurs at the top of the hour. This behavior is indicative of a script or EXE. All the obvious have been checked; GPO and scheduled tasks. We have checked the other logs, and nothing occurs around the same time. The SA team is thinking it is an application proc doing this, but I need definitive proof of the root cause.

Is there any other logs, or auditing that will show what proc, running under the system context, is clearing the security log? Or does anyone know of a free app that has more granular auditing.

I am hoping this community can help me before I open a case with MS

Thanks In Advance
Aaron

Viewing: ASP Free Forums > System Administration > Windows Security > Other - Security Event Logs being cleared by User=SYSTEM, Cannot dermine process

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump

Free IT White Papers!

Create the Optimal Architecture for your Critical Applications
Warburton's the largest independently owned bakery in the UK faced a number of difficult challenges in providing the most robust yet efficient IT infrastructure for their organization's success. IBM's services combined with their xSeries servers created the perfect platform for their SAP environment with sufficient flexibility, and did so in very time effective fashion.

Five Best Practices for Deploying a Successful Service-Oriented Architecture
This white paper describes the benefits you can expect with SOA, and how IBM can help take your business there.

Gartner Magic Quadrant for Application Delivery Controllers
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses of solutions, and provides Magic Quadrant reporting for a quick comparison across all vendors. Learn from Gartner how you can benefit from an all-in-one device like Citrix NetScaler that delivers the highest levels of availability, performance and security.

Knowledge is Power
What you don't know can hurt you, and is likely costing you money and increasing your security risks during an era of scarce resources. This white paper proposes six key strategies that enterprise security managers can use to improve their network defense posture.

Rationalizing the Multi-Tool Environment
The rationalized multi-tool approach is flexible, scalable and cost effective. It provides the necessary input to the IT service management business processes. It preserves prior investments in monitoring tools, empowers technologists to select the best tools with which to do their jobs, and enhances effective response to incidents.

More Free IT White Papers!