000019018 - Windows NT Agent logging to flat file and not to the Event Log

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019018
Applies ToMicrosoft Windows NT 4.0
RSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)
IssueWindows NT Agent logging to flat file and not to the Event Log
Log messages in Winnt\System32\ACECLIENT.LOG
Log messages not written to Event Log
IIS Web Server stops responding to requests
CauseACE/Agent writes a number of messages to the Application Log of Windows NT. Some of the messages are written by the SYSTEM account and others are written by the anonymous web user account (IUSR_machinename).  The anonymous web user is a member of the "Guests" group and inherits restrictions from the Guest user account.
ResolutionVerify that the Guest user is allowed to write to the Application Log:
1. Run Regedt32
2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
3. Look for a Value "RestrictGuestAccess".  If this value is present then delete it and reboot the machine.
To restrict access to the Event Log this value would be set to REG_DWORD 1.
You can also restrict which messages are written to the Application Log by the ACE/Agent.
1. Go to Start->Settings->Control Panel->RSA ACE/Agent
2. Select the "Advanced" tab
3. Event Log filtering of "Default" will log all messages
4. Change the option to Low, Medium or High to filter messages and reduce the amount of information written to the Application Log.  A setting of "High" will filter the most information out of the Application Log.
Legacy Article IDa4998