1 Reply Latest reply on Mar 30, 2017 12:19 PM by dlitteer

    How to reduce footprint of Windows Service accounts

    adam.white@firstrate.co.uk

      Hi there,

       

      I was wondering whether anyone had any advice on how to tune out the volume of events received from Service Accounts?

       

      I have followed the auditing policy as per https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/Audit_Policies_and_Best_Practices_for_LEM

       

      However, we have applications like BizTalk and Solarwinds Orion, which constantly sends authtentication logs to our LEM for Service Account activity being logged to the Windows Security log.

       

      Obviously I could stop the audit log on those servers, but that defeats the purpose really of having LEM and will not do our PCI any good. It would also mean disabling on the DC's which I wouldn't want to do.

       

      Any best practise for managing this noise would be greatly apprecaited.

       

      Regards

       

      Adam