PAMSC- Audit logs are filling up the Event Viewer logs in Windows
Article ID: 265765
Updated On:
Products
CA Privileged Access Manager - Server Control (PAMSC)
Issue/Introduction
On Windows Server 2012 R2, informational events from CA Privileged Access Manager Server Control Engine are filling the Application Event logs in under 24 hours. Is there a way to decrease the logging level on a per machine basis?
Environment
Release :
Cause
It seems the Event logs are flooded by such messages where BESClient.exe is trying to kill sesudo.exe and SEOS is blocking the acition
Client\BESClient.exe Date: 01 May 2023 Time: 09:21 Details: Attempting to terminate CA Privileged Access Manager Server Control User Logon Session ID: 18772ef4-b7ab-45f6-aa69-54ca1a77523e Audit flags: AC database user </Data>
\ca\pamsc\bin\sesudo.exe Access: Kill User name: SYSTEM Program: C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe Date: 01 May 2023 Time: 09:21 Details: Attempting to terminate CA Privileged Access Manager Server Control User Logon Session ID: 18772ef4-b7ab-45f6-aa69-54ca1a77523e
Resolution
BESclient is an application/services monitoring tool. Stopping BESclient from trying to manage our protected services will stop these messages from occuring.
Feedback
Yes
No
Powered by
