Archive System event log when full (Windows)

Module: System Auditing

Supported Platforms: Windows 2008, Windows Vista

This check reports a problem when System event log entries can be overwritten and the log is not archived when it is full.

The following table lists the error message for the check.

Table: Error message for Archive System event log when full

Message String ID and Category

  String ID: ESM_LOG_OVERWRITE_ARCHIVE_SYS

  Category: Policy Compliance

Platform and Message Numeric ID

  • Windows 2008 (249148)

  • Windows Vista (229148)

Message Title and Description

  Title: System events do not archive logs when it is full

  Description: The system event log is not set to permit archival. The logs will not be archived when it is full.

Additional Information

  Severity: yellow-1

  Correctable: true

  Snapshot Updatable: false

  Template Updatable: false

  Information Field Format: [%s]
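
One way to confirm the same condition by hand on a host, as an added example that is not part of ESM or of this page: the PowerShell function below reads the System log's configuration and treats the log as archiving only when its mode is AutoBackup. The function name and output fields are assumptions made for illustration; the check's own detection logic is not shown on this page.

```powershell
# Added example (not ESM code). Test-SystemLogArchival is a hypothetical name.
# Written for PowerShell 2.0 so it also runs on the platforms this check supports.
function Test-SystemLogArchival {
    param([string]$LogName = 'System')

    # Get-WinEvent -ListLog returns the log's EventLogConfiguration object.
    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop

    # LogMode values:
    #   Circular   - oldest events are overwritten when the log is full
    #   AutoBackup - the full log is archived and a new log file is started
    #   Retain     - nothing is overwritten or archived; logging stops when full
    $mode = $log.LogMode.ToString()

    New-Object PSObject -Property @{
        LogName      = $log.LogName
        LogMode      = $mode
        MaxSizeBytes = $log.MaximumSizeInBytes
        LogFilePath  = $log.LogFilePath
        Overwrites   = ($mode -eq 'Circular')
        Archives     = ($mode -eq 'AutoBackup')
    }
}

$result = Test-SystemLogArchival
$result | Format-List LogName, LogMode, MaxSizeBytes, LogFilePath, Overwrites, Archives

if (-not $result.Archives) {
    Write-Warning ("{0} log mode is {1}: the log is not archived when full." -f `
        $result.LogName, $result.LogMode)
    # To enable archiving from an elevated prompt (retention must be on
    # for auto-backup to take effect):
    #   wevtutil sl System /rt:true /ab:true
}
```

Archived logs are written next to the live log file, so monitor free space on that volume once archiving is enabled.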