Something here may help.
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4625
--please don't forget to Accept as answer if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Can anybody please interpret, what is this log about?
Is this log generated by any service starting or some attacker is trying to access the server using disabled account?
Please suggest.
2020-12-10T09:46:03Z DB01.test.com.np 192.168.1.1 AccelOps-WUA-WinLog-Security [monitorStatus]="Success" [Locale]="en-US" [MachineGuid]="xxxxxxxx" [timeZone]="+0545" [eventName]="Security" [eventSource]="Microsoft-Windows-Security-Auditing" [eventId]="4625" [eventType]="Information" [domain]="" [computer]="DB01.test.com.np" [user]="" [userSID]="" [userSIDAcctType]="" [eventTime]="Dec 10 2020 09:46:02" [deviceTime]="Dec 10 2020 09:46:02" [msg]="An account failed to log on." [[Subject]][Security ID]="S-1-5-18" [Account Name]="DB01$" [Account Domain]="test" [Logon ID]="0x3E7" [Logon Type]="5" [[Account For Which Logon Failed]][Security ID]="S-1-0-0" [Account Name]="sp_farm_svc" [Account Domain]="test" [[Failure Information]][Failure Reason]="Account currently disabled." [Status]="0xC000006E" [Sub Status]="0xC0000072" [[Process Information]][Caller Process ID]="0x228" [Caller Process Name]="C:\Windows\System32\services.exe" [[Network Information]][Workstation Name]="DB01" [Source Network Address]="" [Source Port]="" [[Detailed Authentication Information]][Logon Process]="Advapi" [Authentication Package]="Negotiate" [Transited Services]="" [Package Name (NTLM only)]="" [Key Length]="0"
Thanks.
Something here may help.
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4625
--please don't forget to Accept as answer if the reply is helpful--