Windows Logfile and ServersCheck

In our Windows Logfile we see a many entrys from ServersCheck User. Every Second is a entry but the rule is starting every 3 minutes. Why so many entrys in the logfile?

What windows log file are you talking about (Windows Event Log) and what are the entries?

The Windows Event Log for Security and the entries was allways the same:



Logon ID 540

Logon ID 576

Logoff ID 538



here was one event:



Event Type: Success Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 538

Date: 09.10.2007

Time: 09:27:08

User: XXX

Computer: XXX

Description:

User Logoff:

User Name: XXX

Domain: XXX

Logon ID: (0x0,0x1440B5F8)

Logon Type: 3





For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

When checking remote servers (for Windows based checks), then ServersCheck connects to the system by logging on and logging off.

ok this is normal but every second is not normal

the rule checks every 3 Minutes, not every second

why is every second the logon and logoff

How many rules are defined?

for one Windows Maschine was 4 Rules defined

CPU

RAM

HDD



we don´t like the windows health becouse we logging into a SQL Database and Reporting from this Base. For better reporting we need always one Value not 3 Values in one Cell



Ping

but for this rule we need no logon :-)

Each rule is a different logon to the server with a logoff afterwards in order not leave connected sessions open. For the WINDOWSHEALTH check type it is just one connection.

ok but the rules check not every second

the cpu check is every 3 minutes

the ram check is erver 5 minutes

the HDD check is every 10 minutes



this check can not make every second a logon or logoff event

I can't explain it beyond that as our test servers do not show such activity on remote servers in terms of logging. Maybe something else is using the ServersCheck user account.



Sorry but can't say more than this.