Forum

Ultimate Windows Security Forum » Security Log » 528 - Successful Logon » Event 528 Missing Source IP

Event 528 Missing Source IP

Rate Topic

Display Mode

Topic Options

Author

Message

PaulL

Posted 9/27/2011 8:06:34 PM

Forum Newbie

Group: Forum Members
Last Login: 6/26/2013 11:23:50 AM
Posts: 6, Visits: 11

What would cause the source address to be missing in 528 events from Windows 2003 servers? I see this constantly and it greatly diminishes the value of these logs.

Best Regards,
Paul

Post #807

PaulL

Posted 9/29/2011 9:24:05 PM

Forum Newbie

Group: Forum Members
Last Login: 6/26/2013 11:23:50 AM
Posts: 6, Visits: 11

*bump*

Post #808

RandyFranklinSmith

Posted 11/14/2011 8:29:28 AM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0

what is the logon type # in the event? if it is 2 then it is an interactive logon at local console and thus no IP

Post #843

PaulL

Posted 11/17/2011 2:49:49 PM

Forum Newbie

Group: Forum Members
Last Login: 6/26/2013 11:23:50 AM
Posts: 6, Visits: 11

There are type 2's, but I'm also seeing plenty of event type 4 and 5. Interesting, most of the type 2's are not a human at the physical (or nowadays virtual) console. They are a service accounts logging in via some automated process.

Best Regards,
Paul

Post #855

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 2:57pm

Upcoming Webinars

Pivoting from Linux to Windows: Using Behavior to Detect Intrusions Involving Edge Devices

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.