Filling up the Windows 2003 security audit log - secWinAD
I am getting about 25 logon/logoff messages (mostly event id 552) every second logged to the Windows 2003 security log. The user in the message is the service account we use for Active Directory integration. We only have about 25 users logged in. Why am I seeing so much activity? The 300 meg log is showing less than 24 hours of activity before it is being overwritten. We are on BOE XI R2 SP3 using WebSphere WAS.
Tim Ziemba replied
I'd suggest contacting IBM to verify you have their latest version of the java SDK (1.5 or above is recommended)
using udp_preference_limit =1 in the libdefaults section of the krb5.ini to force TCP
And if those don't work then open a message with support to investigate.