Event ID - 1104

Event Id1104
SourceMicrosoft-Windows-Eventlog
DescriptionThe security log is now full.
Event Information According to Microsoft :

Cause

This event is logged when the security log is now full.

Resolution :

Configure the event log full condition

Event 1103 is a warning that indicates that the log is reaching its maximum capacity. Event 1104 indicates that the maximum capacity has been reached. Log configuration includes a setting that indicates the automatic handling of the event log full condition.

If the log is set to Overwrite events as required (retention is set to false on the command line), the log automatically recovers from the log full condition by overwriting the oldest events with new events.

If the log is set to Archive the log when full, do not overwrite events (retention is set to true, autoBackup is set to true from the command line), the log automatically recovers from the log full condition by copying the full log into a file with the file name based on the date that the file was created.

If the log is set to Do not overwrite events (retention is set to true, autoBackup is set to false from the command line), the log must manually be cleared from the command line. To do this, right-click the log entry in the Event Viewer and select Clear Log, or by running the following command from a command prompt that is run with administrator privileges (right-click the command prompt executable and run it by selecting Run as administrator):

wevtutil cl Security

Verify :

Use the Event Viewer to read the Security log on the local computer and find the latest event 1103 or 1104. These events must be followed by event 1105 or 1102 to indicate that the condition is cleared and the Security log is accepting events.
Reference LinksEvent ID 1104 from Microsoft-Windows-Eventlog

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.