Getting Data In

Why is splunk-winprintmon.exe being run every minute?

tkw03
Communicator

Can someone tell me what this log record means? I see MANY of them across all my widows hosts but I am unsure of why its invoking winprintmon.exe? We ARE monitoring windows events on this machine BUT not printer monitoring.

 

 

 

02/03/2021 02:02:29 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=6417
EventType=0
Type=Information
ComputerName=hostname.domain.com
TaskCategory=System Integrity
OpCode=Info
RecordNumber=3903849
Keywords=Audit Success
Message=The FIPS mode crypto selftests succeeded.

	Process ID:		0x1e2c
	Process Name:		C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe

 

 

 

I am just unsure why its invoking winprintmon. 

It seems to run every minute.


Thanks as always

Labels (3)

scelikok
SplunkTrust
SplunkTrust

Hi @tkw03,

Splunk monitor processes are checked and restarted every 60 seconds even there is no active input.

You can disable them by adding below to inputs.conf  on forwarders;

[WinPrintMon]
interval = -1
disabled = 1

. You may see splunk-* processes other than splunk-winevtlog.exe. You can do similar for them too.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...