Forum

Ultimate Windows Security Forum » Security Log » 528 - Successful Logon » Event 528 Missing Source IP

Event 528 Missing Source IP

Rate Topic

Display Mode

Topic Options

Author

Message

PaulL

Posted 9/27/2011 8:06:34 PM

Forum Newbie

Group: Forum Members
Last Login: 11/18/2011 4:58:41 PM
Posts: 4, Visits: 4

What would cause the source address to be missing in 528 events from Windows 2003 servers? I see this constantly and it greatly diminishes the value of these logs.

Best Regards,
Paul

Post #807

PaulL

Posted 9/29/2011 9:24:05 PM

Forum Newbie

Group: Forum Members
Last Login: 11/18/2011 4:58:41 PM
Posts: 4, Visits: 4

*bump*

Post #808

RandyFranklinSmith

Posted 11/14/2011 8:29:28 AM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326, Visits: 0

what is the logon type # in the event? if it is 2 then it is an interactive logon at local console and thus no IP

Post #843

PaulL

Posted 11/17/2011 2:49:49 PM

Forum Newbie

Group: Forum Members
Last Login: 11/18/2011 4:58:41 PM
Posts: 4, Visits: 4

There are type 2's, but I'm also seeing plenty of event type 4 and 5. Interesting, most of the type 2's are not a human at the physical (or nowadays virtual) console. They are a service accounts logging in via some automated process.

Best Regards,
Paul

Post #855

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 9:46am

Upcoming Webinars

AD Audits: Top 7 Questions to Answer When Auditors Look at Account Management and Access Control in Active Directory

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.