Event ID 1104 – The Security Log Is Now Full
|Category||Non Audit (Event Log)|
|Sub-category||Other Events (Event Processing)|
|Description||The security log is now full.|
Whenever the Windows Security audit log becomes full, event ID 1104 is logged. If the upper limit of the Security Event Log file size is reached, and overwriting is not allowed (i.e., only manual clearance of logs is allowed), then event 1104 is triggered.
Why does event ID 1104 need to be monitored?
If the retention method for the Security Event log is set to the option "Do not overwrite events (Clear logs manually)", then the occurence of this event must be monitored carefully, as immediate actions will have to be performed, such as archiving the log, or clearing it.
With in-depth reports, real-time alerts, and options for activities like automatic archiving, ADAudit Plus handles all log related non-audit events, helping you meet your security, operational, and compliance needs with absolute ease.
Event 1104 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools