This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Lansweeper v. 11.1.1.3 generated huge amount of security logs

Chao
Engaged Sweeper

‎11-04-2023 01:41 AM

Lansweeper scanner is unusable.  It generated over 50GB of logs in couple hours.  I've to stop the service. otherwise, the hard drive is filled up in an hour and wipe out all other security logs.

list.PNG

event4648.PNG

Labels:
0 Kudos
5 REPLIES 5
jduke_halls
Engaged Sweeper III

‎11-08-2023 04:55 PM

Thanks to @jgauthier1986 who posted in the other thread that version 11.1.2.1 is out. Changelog hasn't been updated as of yet, but the update fixed the LSASS/Kerberos DOS issue in our environment.  

https://www.lansweeper.com/update-lansweeper/

KrisK
Lansweeper Tech Support
Lansweeper Tech Support

‎11-07-2023 02:23 PM

This issue should be addressed in the next version, which will be released very soon.

In some circumstances, the Active Directory cleanup procedures never finished and caused an excessive amount of ldap queries. We're sorry for the inconvenience this has caused.

In the meantime, if you would like to continue using version 11.1.1.3, we recommend the following:

  • disable all on-premises AD cleanup options from the "Server options" page
  • disable the on-premise AD refresh options from the "Scanning targets" page
  • restart the Lansweeper service to activate these changes

 

 

jduke_halls
Engaged Sweeper III

‎11-06-2023 08:16 PM

Yep. Seeing the same thing. I was seeing 130-150 Kerberos Authentication Tickets per second with the Lansweeper Server service running

I opened a ticket with support. I'd recommend doing the same.

Link to the thread I started about the issue: https://community.lansweeper.com/t5/general-discussions/scanner-behavior-after-upgrade-to-11-1-3/td-...

0 Kudos
RolandB
Engaged Sweeper III

‎11-06-2023 09:59 AM

I see the same problem and the "Local Security Authority Process" is running with higher CPU

0 Kudos
IanC
Engaged Sweeper

‎11-04-2023 09:57 AM

We are also seeing an overwhelming amount of security logs (kerberos service/authentication tickets) being created since upgrading to v11.1.1.3.

2 - 4 million logs (eventID:4768/4769) have been created every day for the past week! I had to stop the service as well.  I hope someone at LS realizes this is a huge issue.

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now