cgooden01
asked on
There seems to be no solution to the Event ID: 1108 Security Logs not logging any event
I have searched this out for several days now and not solution to why on this particular server I am not able to log security events. Application, setup, system works fine. I am getting Error ID 1100 and Error ID 1108. This system is free from malware and/or virus. Any help?
Without looking at those event ID's - did you try and remove that server's security log and start a new one?
please post the full event details.
The event id of security events refer to below.
1100 logging service shuts down
1108 "The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security -Auditing. "
There should be an offending event id found from the details on event id 1108.
1100 logging service shuts down
1108 "The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security
There should be an offending event id found from the details on event id 1108.
ASKER
Only the generic one when you google it online..
Log name: Security
Source: Event log
Level: Error
Task Category: Event Processing
The event logging service encountered an error while processing an incoming event published from Microsoft Windows Security Auditing
Log name: Security
Source: Event log
Level: Error
Task Category: Event Processing
The event logging service encountered an error while processing an incoming event published from Microsoft Windows Security Auditing
Maybe good to see if there are any other errors in event viewer logs...if it is only 1100, I am suspecting if the event logging has encountered issues. Maybe should focus on errors prior to 1100 as well which should not be often seen though
E.g. http://support.microsoft.com/kb/312571
E.g. http://support.microsoft.com/kb/312571
ASKER
The only errors in the security logs are 1100 and 1108. Every other log as far as the system and applications work fine and show no evidence of an issue that would effect the security logs. I have search far and wide throughout the net for this and seems to be no resolution
ASKER
BTAN,
The logs are being exporting to another volume so there is not reaching its maximum size and this is on a Server 2008 system
The logs are being exporting to another volume so there is not reaching its maximum size and this is on a Server 2008 system
may want to check any other errors in event viewer as 1108 is not indicative and there should be some leading errors prior to this "1108" especially this is the first occurrences.
This happens if the log is corrupted. Delete it, as Gerwin supposed already.
apologies noted there is no other "errror" security log, actually the 1100 series of event is pertaining to the log and if they are already backed up maybe just reset and monitor for any other such recurrences. Actually if open event viewer trigger alert likely one of the evt is corrupted ...
May consider try to rename the security event log %SystemRoot%\System32\Wine vt\Logs\Se curity.evt x and then restart the server to re-create a new security event log. Please check if it can fix the issue.
(FYI you have to set event log service to disabled, boot box, rename or delete file, then set back to automatic, boot box again) - More details @ http://support.microsoft.com/kb/172156
May consider try to rename the security event log %SystemRoot%\System32\Wine
(FYI you have to set event log service to disabled, boot box, rename or delete file, then set back to automatic, boot box again) - More details @ http://support.microsoft.com/kb/172156
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No solution was found, System was rebuilt