Event log corruption, How to tell?
Anyone know how to tell if a Windows server's security event log is corrupted?
Occasionally, we get servers whose event log - for some reason - gets corrupted and no more events can be gathered from that server.
The collector can still connect to the server but it looks like the server is just not generating any more events.
Problem is, I don't want to hack with whether or not we're getting events from a device, because we do have a number of servers and workstations that don't generate many events and these would come up as false positives if we try to check the amount of events being generated.
Any other method?