Event Log Event:1104

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System » Event Log Event:1104

Event ID 1104 – The Security Log Is Now Full

Event ID 1104
Category Non Audit (Event Log)
Sub-category Other Events (Event Processing)
Type Success Audit
Description The security log is now full.

Whenever the Windows Security audit log becomes full, event ID 1104 is logged. If the upper limit of the Security Event Log file size is reached, and overwriting is not allowed (i.e., only manual clearance of logs is allowed), then event 1104 is triggered.

Why does event ID 1104 need to be monitored?

If the retention method for the Security Event log is set to the option "Do not overwrite events (Clear logs manually)", then the occurence of this event must be monitored carefully, as immediate actions will have to be performed, such as archiving the log, or clearing it.

Pro Tip:

With in-depth reports, real-time alerts, and options for activities like automatic archiving, ADAudit Plus handles all log related non-audit events, helping you meet your security, operational, and compliance needs with absolute ease.

Event 1104 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10