Enterprise Library Logging filling the Event Viewer with ClearTrust trivia

Question

Something's changed, and I cannot tell what.

I have an IIS Web Farm platform with Dev, Test, QA and Prod environments. 7 servers in all. Dev, Test and Prod have all suddenly been overflowing with verbose security events from every website that uses RSA ClearTrust. The QA environment remains untouched.

Something's changed. That much is obvious, but it's not at all obvious what it was. ClearTrust was not upgraded. Windows was not patched. The applications were not modified. IIS was not reconfigured. Registry permissions for the EventLog service were not relaxed.

I'm thinking about diffing the registry between the healthy and unhealthy boxes. Anyone have an easier idea?

Answer 1

This was odd.

EL is not a Microsoft-supported product, though it is a free resource they provide. So, they were not able to actually tell me what happened. At any rate, we learned a couple things.
1) EL cannot write to a Custom Event Log
2) The EntLib.config file works as advertised.

I was able to configure the EntLib.config to write to nothing until the developers were able to modify the configuration more appropriately.