Disable logging of thousands of certain events

CIS logs thousands and thousands of e.g. NetBIOS related entries clogging the log. I solved it in v3 with help of one forum member

Unfortunately the solution does not work anymore in v4. I’ve quit wasting time on trying to solve CIS GUI cumbersomeness a while ago (by ignoring inconveniences) but now I have to do some serious troubleshooting and thousands of entries make it harder than it should be.

The following set of rules is practicaly identical with the set of rules for v3 that solved the problem but, like I said, it’s not a solution anymore.

You can change the block and log rule at the bottom to block only.

Or add a rule to Global Rules to allow traffic for port 137-139. Or disable NETBIOS its self on the other computers on your network.

  1. Disable logging for blocked
    Hmmm, it would eliminate 90% of logging. May sound weird but I like to take a look from time to time :slight_smile: Also it’s acceptable only when everything works perfect. Unfortunately I’m currently troubleshooting some connection problems.

  2. Allow NetBIOS
    Seems the most sensible from the three.

  3. Disable NB on other PCs
    Impossible. There are thousands PCs on my network (university network)

The CIS v3 workaround was so good. Why that was even removed in the first place?

You are on a big university network then I would not recommend to allow traffic for incoming NETBIOS in the firewall.

You can try adding a rule to Global Rules to block, not log, all incoming IP traffic on the ports 137-139.

Does this do the trick for you?