Event Log Performance Monitoring Events
Applies To: Windows 7, Windows Server 2008 R2
Security event monitoring involves more than configuring security audit policy settings and reviewing the resulting audit events as they appear in the event log. It also depends on the reliable performance of the Windows Event Log service itself; without it, even the best security auditing policy framework cannot give you the critical information that your organization requires.
To help you detect such failures, the following events provide diagnostic data when the Windows Event Log service is experiencing problems, so that you can take corrective action.
Event ID | Symbol | Message |
---|---|---|
1100 | EVENT_SHUTDOWN | The event logging service has shut down. |
1101 | EVENT_AUDIT_EVENTS_DROPPED | Audit events have been dropped by the transport. %1 |
1102 | EVENT_AUDIT_LOG_CLEARED | The audit log was cleared. |
1103 | EVENT_AUDIT_LOG_EXCEEDS_WARNING_LEVEL | The security log is now %1 percent full |
1104 | EVENT_AUDIT_LOG_FULL | The security log is now full. |
1105 | EVENT_AUDIT_AUTO_BACKUP | Event log automatic backup |
1106 | EVENT_AUDIT_FAILURE | Events have been dropped by the event logging service. The reason code is %1 |
1107 | EVENT_AUDIT_PUBLISHER_META_DATA | The event logging service encountered an error while processing an incoming event from publisher %3 and trying to process the metadata for it. |
1108 | EVENT_AUDIT_PROCESSING | The event logging service encountered an error while processing an incoming event published from %3. |
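
The following PowerShell function is an added example, not part of the original page or Microsoft's own code: it summarizes how often each event in the table was logged recently and flags the ones that point to missing audit data. It assumes the events are written to the Security log and uses a 7-day lookback; the function name `Get-EventLogHealthSummary` and the `AuditGap` grouping are illustrative choices.

```powershell
# Added example: summarize Event Log service health events (IDs 1100-1108).
# Assumptions: events are in the Security log; default lookback is 7 days.
# Reading the Security log requires an elevated (administrator) session.

# Symbols copied from the table on this page.
$symbols = @{
    1100 = 'EVENT_SHUTDOWN'
    1101 = 'EVENT_AUDIT_EVENTS_DROPPED'
    1102 = 'EVENT_AUDIT_LOG_CLEARED'
    1103 = 'EVENT_AUDIT_LOG_EXCEEDS_WARNING_LEVEL'
    1104 = 'EVENT_AUDIT_LOG_FULL'
    1105 = 'EVENT_AUDIT_AUTO_BACKUP'
    1106 = 'EVENT_AUDIT_FAILURE'
    1107 = 'EVENT_AUDIT_PUBLISHER_META_DATA'
    1108 = 'EVENT_AUDIT_PROCESSING'
}

# Illustrative triage choice (not from the page): events after which audit
# records may be missing. 1103 and 1105 are treated as capacity notices.
$gapIds = 1100, 1101, 1102, 1104, 1106, 1107, 1108

function Get-EventLogHealthSummary {
    param(
        [string]$LogName = 'Security',
        [int]$Days = 7
    )
    $filter = @{
        LogName   = $LogName
        Id        = 1100..1108
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports an error when nothing matches; treat as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $events | Group-Object -Property Id | ForEach-Object {
        $id     = [int]$_.Name
        $sorted = @($_.Group | Sort-Object TimeCreated)
        New-Object PSObject -Property @{
            Id       = $id
            Symbol   = $symbols[$id]
            Count    = $sorted.Count
            First    = $sorted[0].TimeCreated
            Last     = $sorted[-1].TimeCreated
            AuditGap = ($gapIds -contains $id)
        } | Select-Object Id, Symbol, Count, First, Last, AuditGap
    }
}

Get-EventLogHealthSummary | Sort-Object Id | Format-Table -AutoSize
```

Rows with `AuditGap` set to `True` mark time windows in which the audit record may be incomplete and other log sources should be consulted.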