Event ID 808 – A security event source has attempted to register.
Whenever a new security event source is registered, event 808 is logged. This typically occurs during system start-up.
This log data provides the following information:
- Primary User Name
- Primary Domain
- Primary Logon ID
- Client User Name
- Client Domain
- Client Logon ID
- Source Name
- Process ID
- Event Source ID
Why does event ID 808 need to be monitored?
- To ensure the event was triggered by the SYSTEM account
- To ensure restricted processes are not reported in this event
- To ensure only authorized security event sources register themselves
- To detect anomalies and malicious activities
ADAudit Plus helps you avoid the GPOs monitoring complexities with real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports highlight the elusive change details, and also provide the old and new values of the modified attributes.
Event 808 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP
Corresponding event ID in Windows 2008 and Windows Vista is 4904.