why not this event over netstat? Expand / Collapse
Author
Message
Posted 2/4/2019 12:08:41 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 2/25/2019 1:29:53 PM
Posts: 2, Visits: 4
I've always understood that netstat only provides data on the current network connections. If windows event 5158 logs all port binds, why would I ever care about netstat? Seems I would be better off searching logs for a previous port bind

Unfortunately, I can see that this event is not getting logged. So maybe part of the problem is that port binds are not logged by default? Still seems it would be a best practice to do so.
Post #8540
Posted 2/24/2019 1:43:34 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 223, Visits: 0
These events are extremely noisy and will drastically increase the amount of events being processed. It may or may not make sense to log these events but it all depends on your use case. Netstat is primarily a troubleshooting tool that is often easier to use than analyzing logs.
Post #8544
Posted 2/25/2019 1:34:23 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 2/25/2019 1:29:53 PM
Posts: 2, Visits: 4
Darn. Is it noisy because it is logged for all port binds: listening and sending?

Is there an event for opening a port for listening(5154?)? That should not be crazy frequent and I do not know why we can only react to what is listening now (via netstat) rather than query the event of an app starting to listen.
Post #8550
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 8:32am