Getting Data In

Why is splunk-winprintmon.exe being run every minute?

tkw03
Communicator

Can someone tell me what this log record means? I see MANY of them across all my widows hosts but I am unsure of why its invoking winprintmon.exe? We ARE monitoring windows events on this machine BUT not printer monitoring.

 

 

 

02/03/2021 02:02:29 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=6417
EventType=0
Type=Information
ComputerName=hostname.domain.com
TaskCategory=System Integrity
OpCode=Info
RecordNumber=3903849
Keywords=Audit Success
Message=The FIPS mode crypto selftests succeeded.

	Process ID:		0x1e2c
	Process Name:		C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe

 

 

 

I am just unsure why its invoking winprintmon. 

It seems to run every minute.


Thanks as always

Labels (3)

scelikok
SplunkTrust
SplunkTrust

Hi @tkw03,

Splunk monitor processes are checked and restarted every 60 seconds even there is no active input.

You can disable them by adding below to inputs.conf  on forwarders;

[WinPrintMon]
interval = -1
disabled = 1

. You may see splunk-* processes other than splunk-winevtlog.exe. You can do similar for them too.

 

If this reply helps you an upvote is appreciated.
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...