I keep getting this error.. when i check manually, there are thousands of events.. What's going on?

Windows Srv std 2008 R2

asked 20 Nov '13, 09:09

cstein's gravatar image

cstein
311
accept rate: 0%


The Event Log monitor keeps track of the last event it saw, and the next time it scans, it starts from that event and reads new events. If it can't find that event, it assumes the event log was cleared. What can happen (especially with the Security log), is that so many events flow through it, that the 'last seen event' the monitor is looking for was flushed out, thus giving a false positive in this case. You can have the Event Log monitor check more often so that it doesn't miss events, and would solve the root issue of this alert.

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

link

answered 20 Nov '13, 09:17

Quinn's gravatar image

Quinn ♦♦
14.4k3925
accept rate: 35%

Sorry for the late reply on this - I didn't get notified that a reply had been posted.

I've set it to 20 mins and will let it run for a couple of days then get back to you.

Thank you for the reply.

(25 Nov '13, 04:44) cstein

It seems to have done the trick.. I had to have it run every 15 min to avoid the error.

Thank you :-)

(28 Nov '13, 07:05) cstein

I continue to have this problem as well. I have the monitors set to every 5 mins but there are so many logonlogoffs from the Power Admin monitor account that I doubt it can find the event it needs before it gets overwritten by another event.

link

answered 08 Aug '14, 10:52

Erik's gravatar image

Erik
1613
accept rate: 0%

edited 08 Aug '14, 10:53

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×17
×8
×1

Asked: 20 Nov '13, 09:09

Seen: 9,597 times

Last updated: 08 Aug '14, 10:53