Firewall – Eventlog entry for allowed connection in Windows Firewall

firewall, windows-event-log, windows-server-2008-r2

I was seeing a lot of entries in the event log:

The Windows Filtering Platform has permitted a connection.
Application Information:
    Process ID:                4
    Application Name:          System
Network Information:
    Direction:                  Inbound
    Source Address:             10.xxx.xxx.xxx
    Source Port:                80
    Destination Address:        10.xxx.xxx.xxx
    Destination Port:           31773
    Protocol:                   6
Filter Information:
    Filter Run-Time ID:         67903
    Layer Name:                 Receive/Accept
    Layer Run-Time ID:          44

We have a load balancer which checks every second to see if the application is still running (a health check).
The logs contain large numbers of these entries, which makes the Event Viewer slow and makes it difficult to find the more interesting logs.

How do I make sure these messages don't end up in the event logs?

Best Answer

You can turn off this type of log entry with the following command-line statement:

auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable

Found it here:
http://www.cupfighter.net/index.php/2009/10/get-rid-of-event-id-5156-the-windows-filtering-platform-has-allowed-a-connection/
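
The following is an added example, not part of the original answer: a PowerShell script that shows which address pairs produce the event ID 5156 entries, backs up the audit policy, then applies and verifies the command above. The backup path, sample size and `-Apply` switch are assumptions, and it must run from an elevated prompt. The audit setting applies to the whole subcategory, so it stops success events for every permitted connection, not only the health check.

```powershell
# Added example (not from the original answer). Run from an elevated PowerShell prompt.
param(
    [switch]$Apply,                                   # hypothetical switch: only change policy when given
    [string]$BackupFile = 'C:\Temp\auditpol-backup.csv',  # assumed path, adjust as needed
    [int]$SampleSize = 5000                           # assumed number of recent events to inspect
)

$subcategory = 'Filtering Platform Connection'

# 1. Summarise recent "permitted a connection" events (ID 5156) by application and
#    address pair, to confirm the health check really is the dominant source.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156 } `
                       -MaxEvents $SampleSize -ErrorAction SilentlyContinue

$flows = foreach ($e in $events) {
    # Read the named EventData fields from the event XML.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    New-Object PSObject -Property @{
        Application   = $data['Application']
        SourceAddress = $data['SourceAddress']
        DestAddress   = $data['DestAddress']
    }
}

$flows | Group-Object Application, SourceAddress, DestAddress |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# 2. Show the current setting for the subcategory.
auditpol /get /subcategory:"$subcategory"

if ($Apply) {
    # 3. Save the complete audit policy so the change can be rolled back.
    auditpol /backup "/file:$BackupFile"

    # 4. Stop logging permitted connections; keep logging blocked ones.
    auditpol /set /subcategory:"$subcategory" /success:disable /failure:enable

    # 5. Verify: the subcategory should now report "Failure" only.
    auditpol /get /subcategory:"$subcategory"

    Write-Host "To roll back: auditpol /restore /file:$BackupFile"
}
```

Run it once without `-Apply` to review the summary, then again with `-Apply` to make the change. If the policy is set through Group Policy, a local `auditpol` change may be overwritten at the next policy refresh.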