Posted on 2013-11-13
Receiving a "ton" of annoying (looks like related event messages) on a Backup server: Windows 2008R2 / Backup Exec 2012 (RAM - 16GB, Swap File - 25GB)
The backing-file for the real-time session "Eventlog-Security" has reached its
maximum size. As a result, new events will not be logged to this session until
space becomes available. This error is often caused by starting a trace session in
real-time mode without having any real-time consumers.
EventTracker Alert - 11/12/13, 23:04:37
Alert Name: Audit event records discarded
Event Time: 2013-11-12 23:03:24.
Descr: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
Number of audit messages discarded: 12623
This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk, or when the auditing system loses connectivity to the event log, such as when the event log service is stopped.
How to eliminate it?