Event Log Event:1105

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System » Event Log Event:1105

Event ID 1105 – Event Log Automatic Backup

Event ID 1105
Category Non Audit (Event Log)
Sub-category Other Events (Log Automatic Backup)
Type Success Audit
Description Event log is backed up automatically.

When the Windows security log becomes full, and the retention method has been set to "Archive the log when full, do not overwrite events", event ID 1105 is logged. The event log is backed up, and a new log file is created.

The archived log file's name is of the format:

"Archive-LOG_FILE_NAME-YYYY-MM-DD-hh-mm-ss-nnn.evtx".

This log data provides the following information:

  • Log
  • File

Why does event ID 1105 need to be monitored?

This is only an informational event and does not require monitoring. However, if overwriting of the event logs is the setting and this event is generated, it implies that settings might have been changed by someone else.

Pro Tip:

With in-depth reports, real-time alerts, and options for activities like automatic archiving, ADAudit Plus handles all log related non-audit events, helping you meet your security, operational, and compliance needs with absolute ease.

Event 1105 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10