Can someone tell me what this log record means? I see MANY of them across all my widows hosts but I am unsure of why its invoking winprintmon.exe? We ARE monitoring windows events on this machine BUT not printer monitoring.
02/03/2021 02:02:29 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=6417
EventType=0
Type=Information
ComputerName=hostname.domain.com
TaskCategory=System Integrity
OpCode=Info
RecordNumber=3903849
Keywords=Audit Success
Message=The FIPS mode crypto selftests succeeded.
Process ID: 0x1e2c
Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe
I am just unsure why its invoking winprintmon.
It seems to run every minute.
Thanks as always
Hi @tkw03,
Splunk monitor processes are checked and restarted every 60 seconds even there is no active input.
You can disable them by adding below to inputs.conf on forwarders;
[WinPrintMon]
interval = -1
disabled = 1
. You may see splunk-* processes other than splunk-winevtlog.exe. You can do similar for them too.