Re: Security Log stops Logging
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: Tue, 20 Jul 2004 18:39:23 GMT
I would suggest that you increase the size of your logs quite a bit - probably to at
least 2MB. Also enable auditing of system events on your computer if you have not
already via Local Security Policy unless those settings are maintained at the domain
or OU level.
You may have corruption of your event logs and link below may be worth trying
assuming you mean that your event logs are empty and not recording anything instead
of a pertinent event was not recorded after the reboot.
There is a security option to check. In Local Security Policy [secpol.msc] go to
security settings/local policies/security options - shutdown system immediately if
unable to log security audits. Set it to disabled and verify that it is the
"effective" setting after running secedit /refreshpolicy machine_policy /enforce.
This is referred to as the "crash on audit fail" registry setting. --- Steve
"Doreen" <email@example.com> wrote in message
> I've been searching google.groups but I can't really find anything pertinent
> to my problem. My IIS Windows 2000 Server (which has Exchange 2000 SP3)
> keeps spontaneously rebooting. While that is my MAIN problem, this posting
> is about the fact that when I go to check the logs for errors there are
> none, but when I go to check the Security log, it has stopped logging some
> time before.
> The server rebooted at 1:30 am this morning...the Security Log file stops at
> 4:30 pm yesterday. I had cleared the log yesterday morning, so it was only
> yesterday's Security logs. Its size was 62KB when I checked it this morning
> and it was set to overwrite after 7 days. About three weeks ago I upgraded
> this server to SP4 from SP2.
> I'm not sure if the Security Log issue is related to my server rebooting
> issue. When I clear the log, it logs normally again. I will delete the
> existing log, but as that requires a reboot I don't want to rush into it if
> this isn't something I need to do immediately.
> Any ideas (on either problem!!) would be greatly appreciated.