Updated: August 5, 2011
Applies To: Windows Server 2008 R2
The Security log is the repository for the system audit events. These events describe security-related actions performed by the operating system (OS) and various components of the OS. The level of detail of the audit events depends on the system configuration settings. The number of events in the Security channel can be large. The events serve a number of purposes, from diagnostics to forensic investigations. Error events found in the Security channel can indicate that the system security is compromised. The system may be configured to restart when errors with the Security log are found.
The following is a list of all aspects that are part of this managed entity:
This event is related to the Security log configuration, including the maximum size of the log file and the behavior for handling the event log full condition.
As events are delivered to the Event Log service to be saved in the Security log, they pass through the operating system (OS) kernel. If the kernel does not have enough resources to deliver the events to the Event Log service (which can happen if the Event Log service has to handle a large number of events), then the events are lost. This can compromise the security of the system and ability of administrators, support personnel, and automated utilities to troubleshoot and diagnose problems.