1
chillbilly 1 point ago +1 / -0

Windows Server

18
chillbilly 18 points ago +18 / -0

So, every time something happens on the server, that action gets stored as an entry in the audit log. But the log is configured to only hold 20MB of data. Once the log file hits 20M, every time a new log entry gets added, it will delete the oldest entry from the log to make sure it stays under that 20MB limit. Someone executed enough empty password login attempts (37k+) in one day to push every single log entry from election day and more out of the log. Because they don't want to turn over the router logs, they do not know who did this.