
Event log corruption, How to tell?

Anyone know how to tell if a Windows server's security event log is corrupted?

Occasionally, we get servers whose event log - for some reason - gets corrupted and no more events can be gathered from that server.

The collector can still connect to the server but it looks like the server is just not generating any more events.

Problem is, I don't want to hack with whether or not we're getting events from a device, because we do have a number of servers and workstations that don't generate many events and these would come up as false positives if we try to check the amount of events being generated.

Any other method?

