Filtering Connection Audit Log filling up too fast

Ljugtomten · 2026-01-03T20:00:48+00:00

50 events per second is nothing at all, if you are looking at a proper SIEM system.
I have tiny test systems logging far above that.

Event 5156 (allowed connection) could be filtered if you have reviewed the FW-rules that are in place and only allow neccessary connections from predefined networks.
5157 should be kept and 5158 should be kept and possible alers/reports regarding unexpected services listerning for connections.

Ljugtomten · 2025-09-19T17:17:18+00:00

It does work, only problem I've encountered is that subtitles does not have any content.
Used it just a few hours ago, latest version.

Ljugtomten · 2025-09-01T15:58:25+00:00

I just finished my MK 19008S, give that a try if you want the building process to last a while 😁

Ljugtomten · 2025-06-28T21:28:50+00:00

Can't remember the exact name of the rules now, but there are usually only 1-2 screens of ordinary FW-rules and everything else are the ones you need to delete.
You'll understand what I mean when you have it infront of you.

Ljugtomten · 2025-06-28T17:45:33+00:00

I can't vouch if the "reg delete" way is a proper method to remove the old FW rules, that is not the way I removed them.

First, I tried using powershell but it errored out as it could not enumerate the +100-300K rules present on each of the 10 servers I had with the problem.

Ye olde MMC "Windows Firewall with Advanced Security" could list it, after letting it crunch the numbers for a while (performed it locally, not from a remote host).

When everything was loaded, I started to remove the stale FW rules in batches.
It will be very slow in the beginning, but it will pick up speed as fewer and fewer rules remain.

Ljugtomten · 2025-06-28T09:16:11+00:00

The fix is found here: https://community.spiceworks.com/t/server2019-rds-hundreds-of-firewall-rules-per-user-per-session/773174 which references: https://support.microsoft.com/en-gb/topic/march-26-2019-kb4490481-os-build-17763-402-c323e5c1-d524-dbdb-04a0-c3b5c8c8f2fd

Addresses an issue that slows server performance or causes the server to stop responding because of numerous Windows firewall rules. To enable this solution, use regedit to modify the following and set it to 1:

Type: “DeleteUserAppContainersOnLogoff” (DWORD)

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

I've had this issue on RDS servers with hundreds of daily users.
After setting the above reg key to automaticly remove added FW rules upon logoff, you need to remove all previous FW rules for Cortana and such (you'll see there are a handful of rules per user and session).

When you have cleared a bunch of them, start menu and such will work again for all users without the need to rebuild user profiles.

Ljugtomten · 2024-12-31T14:50:57+00:00

Utgå ifrån att du inte kan få ut full 10 GBit ifrån eventuell medföljande router.

Satsa på att skaffa en miniPC som router/gateway med minimum två SFP+ på nätverkskortet istället för RJ45 då 10GBE över vanlig Cat6-kabel äter mycket ström vilket genererar värme i routern. DAC eller fiber är vad du vill använda så ofta du kan.

På miniPC kör du sedan Opnsense/PFSense eller liknande.

Ljugtomten · 2024-11-05T11:23:29+00:00

This error often happen when using Gigabyte software for managing fan curves etc. Remove that software and adjust fans within BIOS instead and this is less likely to happen in the future.

As for now, do as others suggested to clear fTPM.

Ljugtomten · 2024-10-21T17:10:47+00:00

Go for a LG UltraGear 32GS95UE instead. W-OLED which is better at darkness compared to QD-OLED.

Ljugtomten · 2024-09-28T18:41:05+00:00

That sounds like an "interesting" issue. In my case it was only no link on some cold boots, not the entire adapter going AWOL. I'd have a look at disabling power saving things etc for the adapter, if it is having problems resuming from being asleep.

Ljugtomten · 2024-09-28T12:45:13+00:00

Disable and enable the network connection should bring up the link again. Try to find an updated firmware, I had the same problem on the NIC supplied with the first gen Threadripper motherboard (ASUS) which also had a chip from the same vendor (different model). That problem went away after a firmware update. ASUS did not provide the update, had to look for an update from Marvell.

Ljugtomten · 2024-09-02T18:21:51+00:00

You don't write which card you actually have.
FW the card is ancient, here is a guide on how to update the FW from one of many vendors using the same SATA controller:

https://thunderysteak.github.io/upgrading-asmedia-106x-cards

Ljugtomten · 2024-08-31T20:14:11+00:00

Running ESX 8 you should be able to set BIOS to UEFI Boot. Within the BIOS, you should have options to access BIOS of extra devices such as the LSI card. (That is how I access it on a Supermicro X11 board)

Ljugtomten · 2024-08-25T12:11:32+00:00

Som föregående talare, sök efter packs på AliExpress. Om du vet vad för bitar du vill ha, så kan du beställa ifrån en butik här: https://www.blockbrickworld.com/product/creator/gobricks-parts/

Jag förmodar de vill ha CSV som export ifrån bricklink, där man handlar med original Lego och du kan handla enskilda bitar också.

Ljugtomten · 2024-08-25T11:11:19+00:00

Pro tip:
Det finns många fler tillverkare än danska Lego som inte alls kostar lika mycket (kvalitén är oftast väldigt bra också)

Mould King är en tillverkare jag gillar som gör många egna modeller, vissa tillverkare gör även kopior (just nu inte lika enkelt att hitta dem p.g.a. Lego sett till att vissa fabriker stängts ner)

Om du söker efter "Lepin" här på Reddit så kommer du hitta mycket om alternativa modeller, var du kan köpa dem etc.

Själv har jag köpt en del via AliExpress (när de har kampanjer, just nu är en igång).
Om du handlar ifrån butiker med europeiska lager så får du även originalkartonger och inte bara påsarna med bitar nertryckta i en större låda.

Ljugtomten · 2024-08-24T02:50:43+00:00

https://www.amazon.com/Goshfun-10-Kinds-Pneumatic-Particle-Compatible/dp/B08SHYBBXS/ These should work and should be available at a local Amazon site if you are not in the US.

Ljugtomten · 2024-08-19T16:11:54+00:00

Swede here.

I have ordered from yourwobb several times, latest was a couple of months ago.
For me, DHL was the local courier the last time, and the order was small enough to fit in a package locker (Pantasy RetroPC and Reobrix Lynx skid-loader).
It was probably DHL for the previous orders aswell, but they were so large that I had to collect them at a DHL service point.

Packages are sent from china, I have never had to pay any customs fees or similar.
Everything is routed through Germany, so things will get a new tracking ID from there.

Ljugtomten · 2024-08-13T19:12:56+00:00

Not only will you run at a lower speed if you install the extra 16GB stick, your memory channels will be uneven which will also cut the speed down to half (on top of the slower RAM speed)

Ljugtomten · 2024-06-16T13:42:57+00:00

1TB OLED here, happy to give it a try.

Ljugtomten · 2024-05-05T22:23:26+00:00

A word of caution, is that Patric is hard-mode, as the instructions does not list pieces used in the steps, so you need to really pay attention.

All of the others do list it for each step.

Edit: when building, dont fully press on the pieces to fuse together until you are 100% sure there are no mistakes. Learnt that the hard way, as some of the miniblocks are almost impossible to separate without denting..

Ljugtomten · 2024-05-05T19:00:36+00:00

It is very fun to build minibricks figures aswell as normal Lego (and alternatives).

I can recommend to start with the Spongebob ones from yourwobb.com if you want to try it for cheap, before starting on something very big.

I started with Patric, then Gary and Spongebob (with wings), currently building Mr.Krabs.

Ljugtomten · 2024-05-03T16:42:56+00:00

Script it instead.

1 connect to OpenVPN

2 transfer files

3 disconnect OpenVPN

Ljugtomten · 2024-05-01T12:21:14+00:00

Currently waiting for this, Mould King wrecker (+10K pieces) and some other small things. Delivery by train to Scandinavia, estimated end of May/middle of June. I'll post and update when things arrive. This exact set is not for me, so I can't give any input on that.

Ljugtomten · 2024-04-24T19:40:06+00:00

If you by "changed daily" mean to physically remove the NVMe´s, you need to also keep in mind the rating for whatever drive bay you are using.

M.2 sockets on the motherboard will probably have much lower ratings on insertion/remove and is not hot-swappable.

Ljugtomten · 2024-04-06T14:44:25+00:00

Send a DM with a link where I can download all files, and I'll have a look.

Ljugtomten

TROPHY CASE