<![CDATA[
<p><a href="https://learn.microsoft.com/en-us/answers/questions/653193/disable-logging-of-certain-events.html" target="_blank" class="ke-link">https://learn.microsoft.com/en-us/answers/questions/653193/disable-logging-of-certain-events.html</a>    </p><p> </p><p>윈도우키 + R</p><p>perfmon</p><p> </p><p>성능에서 레벨 찾아 보라고 하는대 그런 옵션은 없는 것 같다.</p><p>(성능)->데이터 수집기 ​​세트->이벤트 추적 세션에서 EventLog-Application을 선택하고 [ENTER]를 누릅니다.</p><p> </p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger</p><p>여기서 자신의 이벤트가 되는 키를 검색 하면 된다.</p><p> </p><p>Enabled </p><p>이것을 1로 하면 사용</p><p> </p><p>Enabled</p><p>0으로 하면 중지다.</p><p> </p><p><a href="https://learn.microsoft.com/ko-kr/windows-server/administration/windows-commands/auditpol-list" target="_blank" class="ke-link">https://learn.microsoft.com/ko-kr/windows-server/administration/windows-commands/auditpol-list</a></p><p><a href="https://superuser.com/questions/1516725/how-to-disable-windows-10-system-log" target="_blank" class="ke-link">https://superuser.com/questions/1516725/how-to-disable-windows-10-system-log</a>    </p><p> </p><p>검색 하는 방법</p><p>auditpol /list /subcategory:*</p><p>auditpol /list /subcategory:*test*</p><p> </p><p>응용 한다면</p><p>auditpol /list /subcategory:* > d:\test.txt</p><p> </p><p>auditpol /set /subcategory:"시스템 무결성" /success:disable /failure:disable</p><p>한글로 작성 해야 한다.</p><p> </p><p>auditpol /set /subcategory:"시스템 무결성" /success:disable /failure:enable</p><p>실패만 기록 하기</p><p> </p><p>gpupdate /force</p><p> </p><p> </p><p>rem <a href="https://docs.microsoft.com/en-us/windows/win32/fwp/auditing-and-logging" target="_blank" class="ke-link">https://docs.microsoft.com/en-us/windows/win32/fwp/auditing-and-logging</a> <br>rem <a href="https://social.technet.microsoft.com/Forums/en-US/ec2b033f-3e9b-4727-88d2-e6e358393734/how-to-disable-stop-windows-filtering-platform-filtering-platform-packet-drop" target="_blank" class="ke-link">https://social.technet.microsoft.com/Forums/en-US/ec2b033f-3e9b-4727-88d2-e6e358393734/how-to-disable-stop-windows-filtering-platform-filtering-platform-packet-drop</a> <br><br>rem  ALL <br>Auditpol /set /category:* /Success:disable /failure:disable <br><br>rem FIREWALL <br>Auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable <br>Auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable <br>Auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable <br>Auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable <br>Auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable <br><br>rem <a href="https://thesystemengineers.wordpress.com/2014/05/08/the-best-advanced-audit-script-and-advanced-audit-policy-i-use/" target="_blank" class="ke-link">https://thesystemengineers.wordpress.com/2014/05/08/the-best-advanced-audit-script-and-advanced-audit-policy-i-use/</a> <br>rem <a href="http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008" target="_blank" class="ke-link">http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008</a> <br>Auditpol /set /subcategory:"DPAPI Activity" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable <br>Auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable <br>Auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable <br>Auditpol /set /subcategory:"SAM" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable <br><br>rem may be enabled on failure <br>Auditpol /set /subcategory:"Other System Events" /success:disable /failure:disable <br><br>rem Usually all enabled <br>Auditpol /set /subcategory:"Account Lockout" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Application Generated" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Application Group Management" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Audit Policy Change" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Authentication Policy Change" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Authorization Policy Change" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Certification Services" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Computer Account Management" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Credential Validation" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Directory Service Access" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Directory Service Changes" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Distribution Group Management" /success:disable /failure:disable <br>Auditpol /set /subcategory:"File Share" /success:disable /failure:disable <br>Auditpol /set /subcategory:"File System" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Kerberos Authentication Service" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Kernel Object" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Logoff" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Logon" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Network Policy Server" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Other Account Logon Events" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Other Account Management Events" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Other Logon/Logoff Events" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Process Creation" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Process Termination" /success:disable /failure:disable <br>Auditpol /set /subcategory:"RPC Events" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Registry" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Security Group Management" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Security State Change" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Security System Extension" /success:disable /failure:disable <br>Auditpol /set /subcategory:"Special Logon" /success:disable /failure:disable <br>Auditpol /set /subcategory:"System Integrity" /success:disable /failure:disable <br>Auditpol /set /subcategory:"User Account Management" /success:disable /failure:disable <br><br>rem Apply immediatly <br>gpupdate /force</p><div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1HRzv/c98a8b03560900b31f255dbf2af2911a303e2dd1?download" data-file-name="새 텍스트 문서.txt" data-file-size="5177" data-mimetype="text/plain" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1HRzv%26fldid%3DGGFN%26dataid%3D342%26fileid%3D1%26regdt%3D20220925183614&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1HRzv%2Fc98a8b03560900b31f255dbf2af2911a303e2dd1')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">새 텍스트 문서</span><span class="type">.txt</span></div><div class="size">5.06KB</div></div></a></div><p>앞서 말한것 같이 모두 한글로 해야 한다.</p>
<!-- -->
]]>
카페 게시글
자유 게시판
특정 이벤트 뷰어 중지 방법 & 성능 모니터링
동우
추천 0
조회 94
22.09.25 18:36
댓글 0
다음검색
