# Event ID 578 kept filling my event log



## ljCharlie (May 28, 2003)

Will anyone help me diagnoze why I kept getting event id 578 on my security event log? This event log fills my event log in about 10 minutes of 500MB space. Is there to block this particular event log?

Oh, I should mention that this is our Windows 2003 DC sever.

Help is appreciated.


----------



## Chevy (Jul 25, 2003)

ljCharlie said:


> Will anyone help me diagnoze why I kept getting event id 578 on my security event log? This event log fills my event log in about 10 minutes of 500MB space. Is there to block this particular event log?
> 
> Oh, I should mention that this is our Windows 2003 DC sever.
> 
> Help is appreciated.


Event 578 is as Success Audit. You may be auditing an object that is accessed by everyone on your network.

What is the full text of the event?


----------



## ljCharlie (May 28, 2003)

Many thanks for your response. Here's what the actual texts say.



> Event Type:	Success Audit
> Event Source:	Security
> Event Category:	Privilege Use
> Event ID:	578
> ...


So how do I not audit this particular event?


----------



## Chevy (Jul 25, 2003)

You need to review the auditing settings on your file system (right click, select Properties, Auditing tab).

You've set either all files or folders, or at least some, to report successful access (opwnership changes, permissions changes, etc.)


----------



## ljCharlie (May 28, 2003)

Where do I "right click, select Properties, Auditing tab"? Are you reffering to the "*Default Domain Controllers Security Settings/Local Policies/Audit Policy* and/or *Default Domain Security Settings/Local Policies/Audit Policy*"? If this is what you're talking about then I already tried turn everything in these two location and still receiving this event log.


----------



## Chevy (Jul 25, 2003)

Right click on each drive (in My Computer view) and select Poprties->Security, then click on the Advanced button and check the Auditing tab.


----------



## ljCharlie (May 28, 2003)

I only have one drive, C drive, and there is nothing listed in the Auditing tab. So where else can I check now to turn off this particular event id?


----------



## ljCharlie (May 28, 2003)

So does anyone have a solution or an idea on how to resovle this issue? My security log fills up so quickly with this event id 578 that it does not have any space to log other events.


----------

