I see a lot of entries like this in the event log:
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 4
Application Name: System
Network Information:
Direction: Inbound
Source Address: 10.xxx.xxx.xxx
Source Port: 80
Destination Address: 10.xxx.xxx.xxx
Destination Port: 31773
Protocol: 6
Filter Information:
Filter Run-Time ID: 67903
Layer Name: Receive/Accept
Layer Run-Time ID: 44
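We have a load balancer that checks once per second whether the application is still running (health check). The log contains a large number of these entries, which makes Event Viewer slow and makes it hard to find more interesting logs.
How can I make sure these messages do not appear in the event log?
Answer 1
You can turn off this type of logging with the following command-line statement: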
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
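Answer 2
Yes, you can get rid of it in several ways...
Source: http://www.morgantechspace.com/2013/09/event-id-5156-filtering-platform.html
Solution 1: If you want to get rid of this Filtering Platform Connection event 5156, you need to run the following command in an elevated command prompt (Run as administrator):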
Auditpol /set /subcategory:"Filtering Platform Connection" /Success:disable
Then update the GPO with this command:
gpupdate /force
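Solution 2:
You can also disable Filtering Platform Connection auditing in the Advanced Audit Policy Configuration of the Local Security Policy.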
1. Press the key Windows + R
2. Type command secpol.msc, click OK
3. Then go to the node Advanced Audit Policy Configuration->Object Access.
4. Check the audit setting **Audit Filtering Platform Connection**. If it is configured as Success, you can revert it to Not Configured and apply the setting.
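
One way to confirm that the health check is what fills the log before applying the auditpol command from the first answer, as an added PowerShell example that is not part of either answer. The one-hour window, the event cap and the `$applyChange` switch are assumptions; the field names are those carried in event 5156's XML data.

```powershell
#Requires -RunAsAdministrator
# Added example: measure what generates event 5156, then disable only success auditing.
$lookback    = (Get-Date).AddHours(-1)   # assumed sampling window
$maxEvents   = 20000                     # assumed cap so the query stays fast
$applyChange = $false                    # assumed switch: set to $true to change the policy

# 1. Record the current setting. /r emits CSV; the setting text is localized.
$current = auditpol /get /subcategory:"Filtering Platform Connection" /r |
    Where-Object { $_ } | ConvertFrom-Csv
"Current setting: $($current.'Inclusion Setting')"

# 2. Sample recent 5156 events and read the named fields from each event's XML.
$filter = @{ LogName = 'Security'; Id = 5156; StartTime = $lookback }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents $maxEvents -ErrorAction SilentlyContinue
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Source      = $data['SourceAddress']
        Destination = $data['DestAddress']
        Application = $data['Application']
    }
}

# 3. Top address pairs. A once-per-second health check should dominate this list;
#    if something else does, investigate that before silencing the events.
"Sampled $(@($rows).Count) events since $lookback"
$rows | Group-Object Source, Destination, Application |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# 4. Disable success events (5156) but keep failure auditing, as in the first answer.
if ($applyChange) {
    auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
    auditpol /get /subcategory:"Filtering Platform Connection"
}
```

If the subcategory is configured through a domain Group Policy, that policy re-applies its value at the next refresh, so the change has to be made in the GPO instead.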