KBI 311643 Many Audit Failures Found In Security Event Log
Version
Argent Advanced Technology – All Versions
Date
Tuesday, 10 April 2018
Summary
After domain administrator level privileges were removed from the Argent Service Account, multiple audit failures were found in the Security Event Log of the Domain Controller while Argent for Compliance was reading Event Logs.
Technical Background
Argent for Compliance can read the Security Event Log from a server in multiple ways; the default option is ‘Read Event Log File Directly’.
When ‘Read Event Log File Directly’ is used, multiple audit failure Events can be seen while Argent for Compliance attempts to read the Event Log via a UNC path.
Resolution
Use the ‘Vista Event Log API’ method for reading Event Logs instead.
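To confirm that the audit failures on the Domain Controller come from the Argent Service Account, the following added example (not part of the original article and not Argent code) summarises recent Audit Failure events in the Security Event Log by Event ID, account and object. The Domain Controller name `DC01.example.test` and account name `svc-argent` are placeholders; which Event IDs appear depends on the audit policy in effect.

```powershell
# Added example: summarise Audit Failure events attributed to one account.
# Placeholders (assumptions, not from the article): DC name and account name.
param(
    [string]$ComputerName   = 'DC01.example.test',
    [string]$ServiceAccount = 'svc-argent',
    [int]$Hours             = 24
)

# Keyword bit Windows sets on Security events recorded as "Audit Failure".
$AuditFailure = 0x10000000000000

$filter = @{
    LogName   = 'Security'
    Keywords  = $AuditFailure
    StartTime = (Get-Date).AddHours(-$Hours)
}

# -ErrorAction SilentlyContinue: Get-WinEvent raises an error when nothing matches.
$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read named EventData fields from the XML; positions differ per Event ID.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    # Different events carry the account in different fields.
    $account = if ($data['SubjectUserName']) { $data['SubjectUserName'] }
               else { $data['TargetUserName'] }
    if ($account -ne $ServiceAccount) { continue }

    # Object that was refused, when the event records one.
    $object = if ($data['ObjectName']) { $data['ObjectName'] }
              else { $data['RelativeTargetName'] }

    [pscustomobject]@{ Id = $e.Id; Account = $account; Object = $object }
}

# Highest-volume failure types first.
$rows | Group-Object Id, Account, Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Running it again after switching to the ‘Vista Event Log API’ method shows whether the failures for that account have stopped.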