On our Endpoint Log Hybrid (Not a legacy collector), I'm seeing the following errors in the /var/log/messages file for all of our Windows Event Sources.
Dec 18 02:36:46 <END_LOG_HYBRID> NwLogCollector: [WindowsCollection] [warning] [<AD_DOMAIN_CONTROLLER>] [processing] [WorkUnit] [processing] Log for channel Security may have rolled over. Previous/Current record number: 775648485/775648488.
I've followed the suggestions in this document 000029686 - Windows legacy log collection warning message "System may have rolled over" in RSA Netwitness but it doesn't seem to make a difference.
Our current event log settings on the Domain Controller.
Settings within the Log Collector configuration