我在事件日志中看到了很多条目:
The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.xxx.xxx.xxx Source Port: 80 Destination Address: 10.xxx.xxx.xxx Destination Port: 31773 Protocol: 6 Filter Information: Filter Run-Time ID: 67903 Layer Name: Receive/Accept Layer Run-Time ID: 44 我们有一个负载均衡器,每秒检查一次,看看应用程序是否仍在运行(健康检查)。 这些日志包含大量的这种条目,这使得事件查看器变慢,很难find更有趣的日志。
我如何确保这些消息不会在事件日志中结束?
您可以使用以下命令行语句closures这种types的日志:
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
是的,你可以摆脱许多方面..
资料来源: http : //www.morgantechspace.com/2013/09/event-id-5156-filtering-platform.html
解决scheme1:如果您想摆脱此筛选平台连接事件5156则需要在提升的命令提示符(以pipe理员身份运行)中运行以下命令:
Auditpol /set /subcategory:"Filtering Platform Connection" /Success:disable
然后用这个命令更新gpo
gpupdate /force
解决scheme2:
您也可以在本地安全策略的“高级审核策略configuration”中禁用“筛选平台连接”。
1. Press the key Windows + R 2. Type command secpol.msc, click OK 3. Then go to the node Advanced Audit Policy Configuration->Object Access. 4. Check the audit setting **Audit Filtering Platform Connection** If it is configured as Success, you can revert it Not Configured and Apply the setting.