Security log is full
Sometime I log in my computer, there is an message that my security log is full and only the administrator can clear it.
What does that mean and how do I clear it as an admistrator?
What does that mean and how do I clear it as an admistrator?
Who is Participating?
I don't see what version of Windows you are running, but the following link is an idea how to tweak your logging events to capture real security events:
http://support.microsoft.com/kb/q140058/
http://labmice.techtarget.com/troubleshooting/EventLog.htm
Also, you can manually delete the log files by going to:
Start-->Settings-->Control
Right mouse over "Security Log"
Select "Clear All Events"
Say "No" to saving it
Now the log is not full.
http://support.microsoft.com/kb/q140058/
http://labmice.techtarget.com/troubleshooting/EventLog.htm
Also, you can manually delete the log files by going to:
Start-->Settings-->Control
Right mouse over "Security Log"
Select "Clear All Events"
Say "No" to saving it
Now the log is not full.
If you security log is filling up, you need to figure out WHY by reviewing the types of activities you are monitoring.
If needed, you can increase the maximum size of the log (recommended) or reduce what you are watching for (probably not a good idea).
I would strongly recommend against "Overwrite as needed". Different kinds of attacks can fill up a log pretty quickly and your evidence of the attack will be 'overwritten'.
We use a fairly large maximum (about 20 MB) and NEVER 'overwrite'. If one of our security logs gets filled up, we want an Administrator to figure out why.
Security Administrators tend to be a little paranoid - with good reason.
Good Luck,
Vic
If needed, you can increase the maximum size of the log (recommended) or reduce what you are watching for (probably not a good idea).
I would strongly recommend against "Overwrite as needed". Different kinds of attacks can fill up a log pretty quickly and your evidence of the attack will be 'overwritten'.
We use a fairly large maximum (about 20 MB) and NEVER 'overwrite'. If one of our security logs gets filled up, we want an Administrator to figure out why.
Security Administrators tend to be a little paranoid - with good reason.
Good Luck,
Vic
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month10 days, 1 hour left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
you shoul dhave it set to overwrite as needed but you can manually clear from there as well