System halts when security log full (Windows)

Module: System Auditing

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports a problem when the system does not halt when the security event log is full.

The following table lists the error message for the check.

Table: Error message for System halts when security log full

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_LOG_FULL_SYSTEM_NO_HALT

Category: Policy Compliance

  • Windows 2000 (106135)

  • Windows 2003 (206135)

  • Windows 2008 (249135)

  • Windows Vista (229135)

  • Windows XP (201135)

Title: System does not halt when security event log full

Description:The system does not halt when the security log is full. The system can continue to be used without recording any new audits. To set the system to halt when the log is full, change the following value to 1 in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

[an error occurred while processing this directive]