Link to home
Start Free TrialLog in
Avatar of cgooden01
cgooden01Flag for United States of America

asked on

There seems to be no solution to the Event ID: 1108 Security Logs not logging any event

I  have searched this out for several days now and not solution to why on this particular server I am not able to log security events.  Application, setup, system works fine.  I am getting Error ID 1100 and Error ID 1108.  This system is free from malware and/or virus.  Any help?
Avatar of Gerwin Jansen
Gerwin Jansen
Flag of Netherlands image

Without looking at those event ID's - did you try and remove that server's security log and start a new one?
please post the full event details.
Avatar of btan
btan

The event id of security events refer to below.
1100 logging service shuts down
1108 "The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing."

There should be an offending event id found from the details on event id 1108.
Avatar of cgooden01

ASKER

Only the generic one when you google it online..

Log name:  Security
Source:  Event log
Level: Error
Task Category:  Event Processing

The event logging service encountered an error while processing an incoming event published from Microsoft Windows Security Auditing
Maybe good to see if there are  any other errors in event viewer logs...if it is only 1100, I am suspecting if the event logging has encountered issues. Maybe should focus on errors prior to 1100 as well which should not be often seen though  
E.g. http://support.microsoft.com/kb/312571
The only errors in the security logs are 1100 and 1108.  Every other log as far as the system and applications work fine and show no evidence of an issue that would effect the security logs. I have search far and wide throughout the net for this and seems to be no resolution
BTAN,

The logs are being exporting to another volume so there is not reaching its maximum size and this is on a Server 2008  system
may want to check any other errors in event viewer as 1108 is not indicative and there should be some leading errors prior to this "1108" especially this is the first occurrences.
This happens if the log is corrupted. Delete it, as Gerwin supposed already.
apologies noted there is no other "errror" security log, actually the 1100 series of event is pertaining to the log and if they are already backed up maybe just reset and monitor for any other such recurrences. Actually if open event viewer trigger alert likely one of the evt is corrupted ...

May consider try to rename the security event log  %SystemRoot%\System32\Winevt\Logs\Security.evtx and then restart the server to re-create a new security event log. Please check if it can fix the issue.
(FYI you have to set event log service to disabled, boot box,  rename or delete file, then set back to automatic, boot box again) - More details @ http://support.microsoft.com/kb/172156
ASKER CERTIFIED SOLUTION
Avatar of cgooden01
cgooden01
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No solution was found, System was rebuilt