Archive Security event log when full (Windows)

Module: System Auditing

Supported Platforms: Windows 2008, Windows Vista

This check reports a problem when Security event log entries can be overwritten and the log is not archived when it is full.

The following table lists the error message for the check.

Table: Error message for Archive Security event log when full

Message String ID and Category:

  String ID: ESM_LOG_OVERWRITE_ARCHIVE_SEC
  Category: Policy Compliance

Platform and Message Numeric ID:

  • Windows 2008 (249147)
  • Windows Vista (229147)

Message Title and Description:

  Title: Security events do not archive logs when it is full
  Description: The security event log is not set to permit archival. The logs will not be archived when it is full.

Additional Information:

  Severity: yellow-1
  Correctable: true
  Snapshot Updatable: false
  Template Updatable: false
  Information Field Format: [%s]
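
To confirm the condition this check describes on a host, the following added example (not ESM code, and not taken from this page) reads the Security log's retention mode and reports any auto-archived copies on disk. It assumes that "archive when full" corresponds to the Windows `AutoBackup` log mode; the function name `Get-SecurityLogArchivalState` is hypothetical.

```powershell
# Added example, not ESM code. Assumption: "archive when full" maps to the
# AutoBackup log mode; ESM's own detection logic is not documented on this page.
function Get-SecurityLogArchivalState {
    param([string]$LogName = 'Security')

    # Run elevated: the Security log configuration is restricted to administrators.
    $cfg  = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    $mode = [string]$cfg.LogMode

    $finding = switch ($mode) {
        'AutoBackup' { 'Log is archived when full; events are not overwritten' }
        'Retain'     { 'Not archived; events are kept and the log must be cleared manually' }
        'Circular'   { 'Not archived; oldest events are overwritten when the log is full' }
        default      { "Unrecognized log mode: $mode" }
    }

    # Auto-archived copies are written beside the live log as
    # Archive-<log>-<timestamp>.evtx. Windows does not delete them on its own,
    # so report how much disk space they occupy.
    $logFile  = [Environment]::ExpandEnvironmentVariables($cfg.LogFilePath)
    $logDir   = Split-Path -Parent $logFile
    $archives = @(Get-ChildItem -Path $logDir -Filter "Archive-$LogName-*.evtx" `
                                -ErrorAction SilentlyContinue)
    $archiveBytes = 0
    foreach ($file in $archives) { $archiveBytes += $file.Length }

    New-Object PSObject -Property @{
        LogName            = $cfg.LogName
        LogMode            = $mode
        ArchivesWhenFull   = ($mode -eq 'AutoBackup')
        OverwritesWhenFull = ($mode -eq 'Circular')
        MaxSizeMB          = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
        ArchiveCount       = $archives.Count
        ArchiveSizeMB      = [math]::Round($archiveBytes / 1MB, 1)
        Finding            = $finding
    }
}

Get-SecurityLogArchivalState | Format-List
```

The built-in command `wevtutil sl Security /rt:true /ab:true` switches the log to archive-when-full. Once that mode is active, monitor free space on the volume that holds the archives.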