Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 18456 Source: MSSQL

Source
Description
Login failed for user "NT AUTHORITY\NETWORK SERVICE". [CLIENT: <named pipe>]
Comments
 
Edge case to be sure but this is an SBS2003 that has been mostly decommissioned except for one SQL application that we can't migrate at this time. As such pretty much everything on the server has been disabled or uninstalled. Update Services is installed but disabled. SQL ##SSEE is still running however. The event was preceeded by event id 421.

In our case it's just log noise we don't need and won't fix WSUS on this machine. May uninstall it. But on a live server if it came up someone might want to know what to do.
You can resolve this issue (identify what's causing it) from the log file. Go to your SQL Server  C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_175.trc

When you open the log_175.trc it will open SQL Server Profiler. Once opened look under the Event Class column for "Audit Login Failed". NT UserName should be Network Service. Then look under the Application Name column. This name in this column is the source of the Audit Login Failed for Error: 18456 Severity 14 State 16. This is the source identified as the issue.
Mysteriously appeared along with event 17204 (access denied). The WSUS service database would not start because the Network Service account did not have file permission to the WSUS directory. This in turn kept WSUS from running. I did not change any file persmissions and WSUS had successfully been deployed and running for 4 months prior to this error.

Fix: add Network Service account with full access rights to the WSUS directory and restart the Windows Internal Database service.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...