Days until system events are overwritten (Windows)

Module: System Auditing

Supported Platforms: Windows 2000, Windows 2003, Windows XP

This check reports a problem when system event log entries can be overwritten before a specified number of days has passed.

The following table lists the error message for the check.

Table: Error message for Days until system events are overwritten

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_LOG_TIME_TO_OVERWRT_SHORT_SYS Category: Policy Compliance	Windows 2000 (106143) Windows 2003 (206143) Windows XP (201143)	Title: System event log will be overwritten too soon Description:The system event log can be overwritten sooner than specified in your Symantec ESM policy. Information in the system event log can be lost.	Severity: yellow-1 Correctable: true Snapshot Updatable: false Template Updatable: false Information Field Format: [Overwrite time: %s days; expected: %s days]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_LOG_TIME_TO_OVERWRT_SHORT_SYS

Category: Policy Compliance

Windows 2000 (106143)
Windows 2003 (206143)
Windows XP (201143)

Title: System event log will be overwritten too soon

Description:The system event log can be overwritten sooner than specified in your Symantec ESM policy. Information in the system event log can be lost.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Overwrite time: %s days; expected: %s days]