• Status: Solved
• Priority: Medium
• Security: Public
• Views: 3547

There seems to be no solution to the Event ID: 1108 Security Logs not logging any event

I have searched for this for several days now and found no solution as to why, on this particular server, I am not able to log security events. Application, Setup, and System work fine. I am getting Error ID 1100 and Error ID 1108. This system is free from malware and/or viruses. Any help?
0
Asked by: cgooden01
1 Solution
 
Gerwin Jansen (EE MVE, Topic Advisor) commented:
Without looking at those event IDs - did you try and remove that server's security log and start a new one?
0
 
Steve commented:
Please post the full event details.
0
 
btan (Exec Consultant) commented:
The event IDs of the security events are as below.
1100: logging service shuts down
1108: "The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing."

There should be an offending event ID found in the details of event ID 1108.
0

 
cgooden01 (Author) commented:
Only the generic one you get when you google it online.

Log name:  Security
Source:  Event log
Level: Error
Task Category:  Event Processing

The event logging service encountered an error while processing an incoming event published from Microsoft Windows Security Auditing
0
 
btan (Exec Consultant) commented:
It may be good to see if there are any other errors in the Event Viewer logs. If it is only 1100, I suspect the event logging has encountered issues. Maybe you should focus on errors prior to 1100 as well, which should not be seen often, though.
E.g. http://support.microsoft.com/kb/312571
0
 
cgooden01 (Author) commented:
The only errors in the security logs are 1100 and 1108. Every other log, as far as the system and applications go, works fine and shows no evidence of an issue that would affect the security logs. I have searched far and wide throughout the net for this and there seems to be no resolution.
0
 
cgooden01 (Author) commented:
BTAN,

The logs are being exported to another volume, so the log is not reaching its maximum size, and this is on a Server 2008 system.
0
 
btan (Exec Consultant) commented:
You may want to check for any other errors in Event Viewer, as 1108 is not indicative and there should be some leading errors prior to this "1108", especially if this is the first occurrence.
0
 
McKnife commented:
This happens if the log is corrupted. Delete it, as Gerwin supposed already.
0
 
btan (Exec Consultant) commented:
Apologies, noted that there is no other "error" in the security log. Actually, the 1100 series of events pertains to the log, and if the logs are already backed up, maybe just reset it and monitor for any other such recurrences. Actually, if opening Event Viewer triggers an alert, likely one of the evt files is corrupted ...

You may consider trying to rename the security event log %SystemRoot%\System32\Winevt\Logs\Security.evtx and then restarting the server to re-create a new security event log. Please check if it can fix the issue.
(FYI, you have to set the event log service to disabled, boot the box, rename or delete the file, then set it back to automatic, and boot the box again.) More details at http://support.microsoft.com/kb/172156
0
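
Several replies above ask for the full details of the 1108 record and for any errors leading up to it. The following PowerShell script is an added example, not part of the original thread, that gathers both from an elevated prompt; the 10-minute look-back window and the 20-record limit are assumptions.

```powershell
# Added example: collect the detail requested in the thread for Event IDs 1100/1108.
# Run from an elevated PowerShell prompt on the affected server.
$windowMinutes = 10   # assumption: how far back to look before each 1108
$maxEvents     = 20   # assumption: how many 1100/1108 records to inspect

# Configuration and status of the Security log itself
# (enabled flag, file path, maximum size, retention, current file size).
wevtutil gl Security
wevtutil gli Security

# Pull the 1100/1108 records with their full XML, not only the generic message.
# @() keeps the result an array even when nothing matches.
$hits = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1100, 1108 } `
              -MaxEvents $maxEvents -ErrorAction SilentlyContinue)

foreach ($e in $hits) {
    "{0:u}  Id={1}  Provider={2}  RecordId={3}" -f `
        $e.TimeCreated, $e.Id, $e.ProviderName, $e.RecordId
    $e.ToXml()
}

# For each 1108, list critical/error/warning events in the System and
# Application logs during the minutes before it (the "leading errors").
foreach ($e in @($hits | Where-Object { $_.Id -eq 1108 })) {
    $filter = @{
        LogName   = 'System', 'Application'
        Level     = 1, 2, 3
        StartTime = $e.TimeCreated.AddMinutes(-$windowMinutes)
        EndTime   = $e.TimeCreated
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message |
        Format-List
}
```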
 
cgooden01 (Author) commented:
To no avail. The solutions offered and suggested did not solve this issue, so the system was just rebuilt. Thank you.
0
 
cgooden01 (Author) commented:
No solution was found; the system was rebuilt.
0
