we received thousands events from DNS server ( Logon Failure "\" ),
but we cant solve or understand this problem, so we need to solve or ignore it or understand the reason,
As HerrDoktor indicated, this appears to be a simple matter of SEM receiving log data from this source server, which happens to be running the DNS role function.
I suggest you review the Windows events on the source server to confirm the original log event messages are the same as you are seeing in SEM. They will be, but best to check.
It is a case of determining what is creating these log entries, which you indicate is the DNS Server role application. Google (or your preferred engine) the Event ID error. Trace the source server to determine if there is a rogue app or DNS secondary server trying to make updates with the wrong credentials.
Your Group Policy Audit settings are configured to determine what events generate log entries, and therefore what you see in SEM, so review if you are over logging.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.