Solved

Event messages

Posted on 2013-11-13
6
1,149 Views
Last Modified: 2013-11-20
Receiving a "ton" of annoying (looks like related event messages) on a Backup server: Windows 2008R2 / Backup Exec 2012 (RAM - 16GB, Swap File - 25GB)

#1

Event ID:1  
The backing-file for the real-time session "Eventlog-Security" has reached its
maximum size. As a result, new events will not be logged to this session until
space becomes available. This error is often caused by starting a trace session in
real-time mode without having any real-time consumers.

#2

EventTracker Alert - 11/12/13, 23:04:37
Alert Name: Audit event records discarded

Event Time: 2013-11-12 23:03:24.
Type: AuditOK.
Computer: BACKUP
Source: Microsoft-Windows-Security-Auditing
EvtID: 4612
User: N/A\N/A
Descr: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.

Number of audit messages discarded:      12623

This event is generated when audit queues are filled and events must be discarded.  This most commonly occurs when security events are being generated faster than they are being written to disk, or when the auditing system loses connectivity to the event log, such as when the event log service is stopped.


How to eliminate it?

Thank you
0
Comment
Question by:cohhelp
  • 3
  • 3
6 Comments
 
LVL 12

Expert Comment

by:Sommerblink
ID: 39645896
You have too much auditing enabled on your filesystem. So much in fact that even Windows can't keep up with it when your backup process is underway.

What is audited is located under the Advanced Security settings for the folder, drive, whathaveyou. It behaves in the same way that NTFS permissions do.

In order to see what is being audited, you will need to go to the folder or drive in question, right click on it, go to properties. Then go to the Security tab, then click on the Advanced button at the bottom. Then click on the Auditing tab and check what is audited there.

Seems like you have a lot of Success auditing going on based on the limited info in the event log. Perhaps you need to refine what is audited so that not so much noise is generated.
0
 

Author Comment

by:cohhelp
ID: 39645935
Rechecked all drives, nothing is set for audit.
0
 
LVL 12

Expert Comment

by:Sommerblink
ID: 39645963
Can you go through your Security log and see what is at least making it to the security log there and then double-check those files for their auditing behavior.

It is also possible that the logs are being shipped to that computer from another computer.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:cohhelp
ID: 39655043
we were expecting step-by-step "fix", but ... got just general concepts
0
 
LVL 12

Accepted Solution

by:
Sommerblink earned 500 total points
ID: 39660169
Of course. This is how things are solved, on a case-by-case basis.

There is no one-webpage-fixes-all for your case. If that were so, you could simply use google to solve the problem.
0
 

Author Closing Comment

by:cohhelp
ID: 39662906
none
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Do we need servers??? 5 190
Troubles Logging On Creating New Profile 3 49
what is file ADS_ERR.adm on windows server 2008 4 40
who removed AD Domain ID 9 28
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now