Re: The security log on this system is full
- From: Job <Job@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Oct 2006 00:24:02 -0700
Thanks Mike,
Even I clear the event security logs, the error disappears during some days
until I reach approximatly 400 Mbytes space for the security logs (this not
the maximum space value I have specified and therefore there are still enough
space) and again I get the error.
Very confugsing !
I found the only solution to solve it is to modify the event security log
parameters by sepcifying : overwrite events as needed.
Job
"Special Access" wrote:
On Wed, 25 Oct 2006 03:03:01 -0700, Job.
<Job@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks Mike but the value of the registry key is ''O'' therefore normal.
I wouldn't set to ''1'' because it will crash my server.
Do you have any other solutions ?
Thanks for your reply,
Job
"Special Access" wrote:
On Tue, 24 Oct 2006 07:14:02 -0700, Job
<Job@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Dear All,
I activated most of security audit (within the default domain controller
policy) for the domain controllers installed with Windows 2000 sp4 (Active
Directory) and it ran well.
Then I have recently upgrated to Windows 2003 sp1 all domain controllers and
now I get the following error when I open a session on domain controllers :
"the security log on this system is full"
When I look at the properties of security event logs file, it shows that
the log size isn't full and there is enough space to further events security
logs. Could you tell me why I get this error ?
I precised that I have defined the log to overwrite events security logs
older than 60 days.
Thanks for your help,
Job
Open REGEDIT and look at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA and look for a
key of "CrashOnAuditFail". It's value should be either 0 (ignore) or
1 (active). If it's value is 2 (tripped) or NONE (also tripped) then
you need to reset it to either 1 or 0 and reboot.
The fact the log isn't full won't stop this error. This is because
the system can't write to the security log "for whatever reason". This
reason could be:
Disk is full
Log is full
Your stomach is full
The candy dish on the table is full
<smile>
If "crash on audit fail" is active, and the system can't write to the
log, it will crash and give you this error.
Mike
IF you set it to 1, it shouldn't "crash the server" but enable the
crash should the logs become full. If the logs are full or the error
is persistent, then clear (and save) the logs to see if the error goes
away. I have not seen this error without also seeing the tripped
CrashOnAuditFail indication as well so I'm sorta out of answers <grin>
Mike
- Prev by Date: RE: Defender 1.0 error
- Next by Date: Re: Blocking USB
- Previous by thread: Re: Service Pack 2 problem
- Next by thread: Re: MS06-061 version 2 for Win2K SP4
- Index(es):
Relevant Pages
|
