When querying event logs with Log Parser, the security event log gets flooded with Logon/Logoff event IDs. For example, if querying the Application log on Machine X, it appears there is an entry for Logon/Logoff put into the Security log for every record pulled out of the Application log. This could result in thousands and thousands of entries every day.

Does anyone know why there is an entry for every time Log Parser reads an entry, and is this expected behaviour with Log Parser?

Example: The following will select all events from Application:

logparser.exe "SELECT * FROM \\MachineX\Application"

If there are 1000 entries then there will be 2000 (1000 logon, 1000 logoff) entries in Security for the user running this command.