Event Id | 1009 |
Source | NfsServer |
Description | The audit log has reached its maximum file size. Server for NFS has stopped recording audits. Without audit logging, users will still be able to access files through Server for NFS, but their actions will not be recorded. You can clean up the audit log or increase the maximum file size by using the Nfsadmin command-line tool. |
Event Information | According to Microsoft : Cause : This event is logged when audit log has reached its maximum file size. Resolution : Reduce activity log size or use another disk for activity logging Reduce the activity log size or use another volume for activity logging. To reduce the activity log size: 1.Open an elevated Command Prompt window. Click Start , point to All Programs , click Accessories , right-click Command Prompt , and then click Run as administrator . 2.Type dir to report the amount of free space on the volume. 3.Type nfsadmin server config fsize=size , where size is the maximum log file size in MB. The activity log file size provided should be smaller than the amount of free space on the volume. To use another volume for activity logging: 1.Open an elevated Command Prompt window. Click Start , point to All Programs , click Accessories , right-click Command Prompt , and then click Run as administrator . 2.Type nfsadmin server config fname=file , where file is the path and the name of the log file. Verify : To verify that Server for NFS is properly configured for activity logging: 1.Open a command prompt with elevated privileges. Click Start , point to All Programs , click Accessories , right-click Command Prompt , and then click Run as administrator . 2.Type nfsadmin server . 3.Verify that the Audit Log File Name field displays the correct location of your log file. |
Reference Links | Event ID 1009 from NfsServer |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.