Days until security events are overwritten (Windows)

Module: System Auditing

Supported Platforms: Windows 2000, Windows 2003, Windows XP

This check reports a problem when security event log entries can be overwritten before a specified number of days has passed.

The following table lists the error message for the check.

Table: Error message for Days until security events are overwritten

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_LOG_TIME_TO_OVERWRITE_TOO_SHORT Category: Policy Compliance	Windows 2000 (106133) Windows 2003 (206133) Windows XP (201133)	Title: Security event log will be overwritten too soon Description:The security event log can be overwritten sooner than specified in your Symantec ESM policy. Information in the security event log can be lost.	Severity: yellow-1 Correctable: true Snapshot Updatable: false Template Updatable: false Information Field Format: [Overwrite time: %s days; expected: %s days]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_LOG_TIME_TO_OVERWRITE_TOO_SHORT

Category: Policy Compliance

Windows 2000 (106133)
Windows 2003 (206133)
Windows XP (201133)

Title: Security event log will be overwritten too soon

Description:The security event log can be overwritten sooner than specified in your Symantec ESM policy. Information in the security event log can be lost.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Overwrite time: %s days; expected: %s days]