I keep getting this error. When I check manually, there are thousands of events. What's going on? Windows Srv std 2008 R2

asked 20 Nov '13, 09:09 cstein
The Event Log monitor keeps track of the last event it saw, and the next time it scans, it starts from that event and reads new events. If it can't find that event, it assumes the event log was cleared. What can happen (especially with the Security log) is that so many events flow through it that the 'last seen event' the monitor is looking for was flushed out, thus giving a false positive in this case.

You can have the Event Log monitor check more often so that it doesn't miss events, which would solve the root issue of this alert.

Thanks

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

answered 20 Nov '13, 09:17 Quinn ♦♦

Sorry for the late reply on this - I didn't get notified that a reply had been posted. I've set it to 20 mins and will let it run for a couple of days then get back to you. Thank you for the reply.
(25 Nov '13, 04:44)
cstein
It seems to have done the trick. I had to have it run every 15 min to avoid the error. Thank you :-)
(28 Nov '13, 07:05)
cstein
I continue to have this problem as well. I have the monitors set to every 5 mins but there are so many logon/logoffs from the Power Admin monitor account that I doubt it can find the event it needs before it gets overwritten by another event.

answered 08 Aug '14, 10:52 Erik
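
The distinction both answers above turn on (a bookmark overwritten by log turnover versus a log that was really cleared), as an added example that is not part of the original thread and is not the monitor's own code. It assumes the log drops its oldest records first and uses the Security log's event ID 1102 ("The audit log was cleared") as the clear marker; `Event`, `classify_scan` and the sample records are constructed for illustration.

```python
from dataclasses import dataclass

LOG_CLEARED_ID = 1102  # Security log: "The audit log was cleared"


@dataclass(frozen=True)
class Event:
    record_id: int  # position marker a monitor would bookmark
    event_id: int


def classify_scan(bookmark, events):
    """Classify one scan given the last-seen record id.

    events: current log contents, oldest first (assumption: FIFO retention,
    so the oldest records are overwritten first).
    Returns (verdict, new_events); verdict is 'ok', 'cleared' or 'rolled_over'.
    """
    if bookmark is None:
        return "ok", events  # first scan, nothing to compare against
    if not events:
        return "cleared", []  # turnover never leaves a log empty
    ids = [e.record_id for e in events]
    if bookmark in ids:
        # Bookmark still present: everything after it is new.
        return "ok", events[ids.index(bookmark) + 1:]
    # Bookmark is gone. With FIFO retention, any surviving 1102 is newer
    # than the bookmark, so it is evidence of a real clear.
    if any(e.event_id == LOG_CLEARED_ID for e in events):
        return "cleared", events
    # No clear marker: the bookmark was overwritten between scans. Events
    # were missed, which is a coverage gap rather than a cleared log.
    return "rolled_over", events


def sample(start, event_ids):
    """Build constructed sample records with consecutive record ids."""
    return [Event(start + i, eid) for i, eid in enumerate(event_ids)]


# Constructed samples: 4624 = logon, 4634 = logoff.
NORMAL = sample(100, [4624, 4634] * 5)     # bookmark 105 still present
BUSY = sample(5000, [4624, 4634] * 5)      # bookmark long overwritten
CLEARED = sample(200, [1102, 4624, 4634])  # clear marker present

if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("busy", BUSY), ("cleared", CLEARED)):
        print(name, classify_scan(105, log)[0])
```

A `rolled_over` verdict still deserves attention, since events between scans went unread, but it points at scan interval or log size rather than at someone clearing the log.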