Hi All,
I am currently trying to integrate Windows aggregators in our environment. The problem that I am facing is related to the rolling of a channel for the Windows logs. I have the following error in the logs:
Log for channel Security may have rolled over. Previous/Current record number: xxxx/xxxx.
As per the RSA link, I have increased the maximum log storage size to 2 GB from 20 MB on the Windows aggregator and also tried to change the polling duration. However, this is still not fixing the issue.
I have been trying different poll interval / poll duration and maximum events values. Still, I keep getting the same rollover error. Is there a way to derive an optimum setting for poll interval / poll duration and maximum events? Thanks for the assistance in advance.
Current settings:
Poll duration: 50 seconds
Poll interval: 60 seconds
Maximum events: 200000
Hi Shishir,
Option 1:
On the Windows side, you can try increasing the max log size before old events are overwritten.
Option 2:
On the NetWitness side, set Max collection on the collector side and disable debug.
Details for both options are available in 000029686 - Windows legacy log collection warni... | RSA Link
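
An added example, not part of the thread or of RSA's documentation: a PowerShell check that measures how fast the Security channel fills on the aggregator and compares that with the poll interval and maximum events values quoted in the question. It assumes the collector has to read each record before Windows overwrites it and that "Maximum events" caps what one poll can fetch; both are assumptions, and the variable names are illustrative.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows aggregator.
$channel       = 'Security'
$pollIntervalS = 60        # "Poll interval" quoted in the question
$maxEvents     = 200000    # "Maximum events" quoted in the question

$log    = Get-WinEvent -ListLog $channel -ErrorAction Stop
$oldest = Get-WinEvent -LogName $channel -Oldest -MaxEvents 1 -ErrorAction Stop
$newest = Get-WinEvent -LogName $channel -MaxEvents 1 -ErrorAction Stop

# Time window covered by the records currently held in the channel.
$spanS = ($newest.TimeCreated - $oldest.TimeCreated).TotalSeconds
if ($log.RecordCount -lt 2 -or $spanS -le 0) {
    throw "Not enough events in '$channel' to estimate a rate."
}

# Averages over everything currently retained; bursts will be higher.
$eventsPerSec  = $log.RecordCount / $spanS
$bytesPerEvent = $log.FileSize / $log.RecordCount

# Time until the oldest record is overwritten once the log reaches its maximum size.
$retentionS    = $log.MaximumSizeInBytes / ($bytesPerEvent * $eventsPerSec)
$eventsPerPoll = $eventsPerSec * $pollIntervalS

[pscustomobject]@{
    Channel             = $channel
    LogMode             = $log.LogMode   # Circular means old records are overwritten
    MaxSizeMB           = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    AvgEventsPerSecond  = [math]::Round($eventsPerSec, 1)
    AvgEventsPerPoll    = [math]::Round($eventsPerPoll)
    RetentionMinutes    = [math]::Round($retentionS / 60, 1)
    # Assumption: a poll that cannot fetch everything written since the last one falls behind.
    PollExceedsMaxEvent = $eventsPerPoll -gt $maxEvents
    # Records can be overwritten before the next poll even starts.
    RetentionUnderPoll  = $retentionS -lt $pollIntervalS
}
```

If either flag is true, or the retention window is only a few poll intervals long, the channel can roll between polls; sample again during peak hours, because the rate here is an average.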