Event ID: 578 Source: Security

Description
Privileged object operation:
Object Server: EventLog
Object Handle: 0
Process ID: 220
Primary User Name: ARHIMEDE$
Primary Domain: ALTDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: mjohn
Client Domain: ALTDOMAIN
Client Logon ID:(0x0,0x9520)
Privileges: SeSecurityPrivilege
Comments
 
See EV100228 for details about this event.
As per Microsoft: "When you take ownership locally of a file or folder and 'Use of User Rights' is enabled, four Event 578s are logged and the last Event 578 gives the detail about the actual ownership transaction". See ME170834 for more details.
Event 578 may be logged as "Failure Audit" in the Security event log when auditing is enabled for tracking Privilege Use problems.

A "Success Audit" 578 indicates that a user successfully used their privileges on that computer. A typical privilege listed is "SeSecurityPrivilege". This means that the user accessed the Security event log.

ME266282 says that if this event is logged twice during logoff and Windows 2000 shutdown, you can ignore these events because they are logged in error. To fix this issue, apply the latest service pack.
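For triage, the description above can be parsed into fields so that the account exercising the privilege is pulled out and Security log access is flagged. This is an added example, not code from the original page or from Microsoft; the function names are hypothetical, the sample text is the description shown on this page, and treating "Object Server: EventLog" together with SeSecurityPrivilege as Security log access follows the comment above.

```python
import re

# Event 578 description exactly as shown on this page.
SAMPLE_578 = """Privileged object operation:
Object Server: EventLog
Object Handle: 0
Process ID: 220
Primary User Name: ARHIMEDE$
Primary Domain: ALTDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: mjohn
Client Domain: ALTDOMAIN
Client Logon ID:(0x0,0x9520)
Privileges: SeSecurityPrivilege"""

SYSTEM_LOGON_ID = 0x3E7  # well-known logon ID of the Local System session

def parse_logon_id(text):
    """Turn '(0x0,0x9520)' into one 64-bit integer (high part, low part)."""
    m = re.fullmatch(r"\(\s*(0x[0-9A-Fa-f]+)\s*,\s*(0x[0-9A-Fa-f]+)\s*\)", text.strip())
    if not m:
        raise ValueError(f"unrecognised logon ID: {text!r}")
    return (int(m.group(1), 16) << 32) | int(m.group(2), 16)

def parse_578(description):
    """Split 'Name: value' lines into a dict; tolerates a missing space after ':'."""
    fields = {}
    for line in description.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():  # skips the 'Privileged object operation:' header
            fields[name.strip()] = value.strip()
    for key in ("Primary Logon ID", "Client Logon ID"):
        if key in fields:
            fields[key] = parse_logon_id(fields[key])
    fields["Privileges"] = fields.get("Privileges", "").split()
    return fields

def summarize(fields):
    """Name the client account and flag Security log access (hypothetical helper)."""
    who = f'{fields.get("Client Domain", "?")}\\{fields.get("Client User Name", "?")}'
    return {
        "account": who,
        "via_system_service": fields.get("Primary Logon ID") == SYSTEM_LOGON_ID,
        "security_log_access": fields.get("Object Server") == "EventLog"
                               and "SeSecurityPrivilege" in fields["Privileges"],
    }

if __name__ == "__main__":
    print(summarize(parse_578(SAMPLE_578)))
```

The client fields, not the primary ones, identify the person: in the sample the primary account is the computer account running as Local System, acting on behalf of the client user.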