Event ID 1103 — Security Channel Configuration

Updated: August 5, 2011

Applies To: Windows Server 2008 R2

yellow

This event is related to the Security log configuration, including the maximum size of the log file and the behavior for handling the event log full condition.

Event Details

Product: Windows Operating System
ID: 1103
Source: Microsoft-Windows-Eventlog
Version: 6.1
Symbolic Name: EVENT_AUDIT_LOG_EXCEEDS_WARNING_LEVEL
Message: The security log is now %1 percent full.

Resolve

Configure the event log full condition

Event 1103 is a warning that indicates that the log is reaching its maximum capacity. Event 1104 indicates that the maximum capacity has been reached. Log configuration includes a setting that indicates the automatic handling of the event log full condition.

If the log is set to Overwrite events as required (retention is set to false on the command line), the log automatically recovers from the log full condition by overwriting the oldest events with new events.

If the log is set to Archive the log when full, do not overwrite events (retention is set to true, autoBackup is set to true from the command line), the log automatically recovers from the log full condition by copying the full log into a file with the file name based on the date that the file was created.

If the log is set to Do not overwrite events (retention is set to true, autoBackup is set to false from the command line), the log must manually be cleared from the command line. To do this, right-click the log entry in the Event Viewer and select Clear Log, or by running the following command from a command prompt that is run with administrator privileges (right-click the command prompt executable and run it by selecting Run as administrator):

wevtutil cl Security

Verify

Use the Event Viewer to read the Security log on the local computer and find the latest event 1103 or 1104. These events must be followed by event 1105 or 1102 to indicate that the condition is cleared and the Security log is accepting events.

Related Management Information

Security Channel Configuration

Management Infrastructure

Community Additions

ADD
Show: