Event Id | 1104 |
Source | Microsoft-Windows-Eventlog |
Description | The security log is now full. |
Event Information | According to Microsoft : Cause This event is logged when the security log is now full. Resolution : Configure the event log full condition Event 1103 is a warning that indicates that the log is reaching its maximum capacity. Event 1104 indicates that the maximum capacity has been reached. Log configuration includes a setting that indicates the automatic handling of the event log full condition. If the log is set to Overwrite events as required (retention is set to false on the command line), the log automatically recovers from the log full condition by overwriting the oldest events with new events. If the log is set to Archive the log when full, do not overwrite events (retention is set to true, autoBackup is set to true from the command line), the log automatically recovers from the log full condition by copying the full log into a file with the file name based on the date that the file was created. If the log is set to Do not overwrite events (retention is set to true, autoBackup is set to false from the command line), the log must manually be cleared from the command line. To do this, right-click the log entry in the Event Viewer and select Clear Log, or by running the following command from a command prompt that is run with administrator privileges (right-click the command prompt executable and run it by selecting Run as administrator): wevtutil cl Security Verify : Use the Event Viewer to read the Security log on the local computer and find the latest event 1103 or 1104. These events must be followed by event 1105 or 1102 to indicate that the condition is cleared and the Security log is accepting events. |
Reference Links | Event ID 1104 from Microsoft-Windows-Eventlog |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.