Excessive Windows Security Logging in Process Automation

Document ID : KB000009291
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Our networking team has observed that the JDK on our Process Automation server is attempting to access files within: 

D:\CA\PAM\server\c2o\catalyst\registry\topology 

many times per second. The result is that the Windows security log is being written to in excessive amounts. Which means that, every few hours, the the Windows log is completely rolling over--eliminating the ability to research system issues any further out than a few hours. 

Resolution:

There isn't anything specific in the Process Automation or JBoss applications that is pushing updates to the security log, however it is dependent on the audit policy set for the server.

If auditing is fully enabled, then every time there is polling, an event for login and logout will be recorded in the security log. And each action - success or failure - will generate an entry. 

Your network team can adjust the audit policy for the server at the domain controller. 

Microsoft has a library document specific to configuring the audit policies here:

https://technet.microsoft.com/en-us/library/dd277403.aspx