
Log for channel Security may have rolled over

Question asked by Jeremy Kerwin on Dec 17, 2019
Latest reply on Dec 26, 2019 by Dave Glover

On our Endpoint Log Hybrid (Not a legacy collector), I'm seeing the following errors in the /var/log/messages file for all of our Windows Event Sources.

 

Dec 18 02:36:46 <END_LOG_HYBRID> NwLogCollector[1568]: [WindowsCollection] [warning] [<AD_DOMAIN_CONTROLLER>] [processing] [WorkUnit] [processing] Log for channel Security may have rolled over. Previous/Current record number: 775648485/775648488.

 

 

I've followed the suggestions in this document, 000029686 - Windows legacy log collection warning message "System may have rolled over" in RSA Netwitness, but it doesn't seem to make a difference.

 

Our current event log settings on the Domain Controller.

 

Settings within the Log Collector configuration
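
A triage sketch for the warning quoted in the question, added here as an example; it is not code from the original post or from RSA. It parses the warning out of `/var/log/messages`-style lines and totals the record-number gaps per event source and channel, so that a few skipped records can be told apart from a log whose numbering restarted. It assumes event record numbers increase by one per event; the host names and sample lines are constructed.

```python
import re
from collections import defaultdict

# Pattern for the NwLogCollector warning quoted in the question above.
ROLLOVER_RE = re.compile(
    r"NwLogCollector\[\d+\]: \[WindowsCollection\] \[warning\] \[(?P<source>[^\]]+)\]"
    r".*?Log for channel (?P<channel>.+?) may have rolled over\. "
    r"Previous/Current record number: (?P<prev>\d+)/(?P<cur>\d+)"
)

def parse_rollover(line):
    """Return a dict for a rollover warning, or None for any other line."""
    m = ROLLOVER_RE.search(line)
    if m is None:
        return None
    prev, cur = int(m["prev"]), int(m["cur"])
    # Assumption: record numbers increase by one per event, so a forward
    # jump from prev to cur means cur - prev - 1 records were not seen.
    # cur <= prev means the numbering restarted (log cleared or recreated).
    reset = cur <= prev
    return {"source": m["source"], "channel": m["channel"], "prev": prev,
            "cur": cur, "reset": reset, "skipped": 0 if reset else cur - prev - 1}

def summarize(lines):
    """Aggregate warnings per (source, channel)."""
    stats = defaultdict(lambda: {"warnings": 0, "skipped": 0, "max_gap": 0, "resets": 0})
    for line in lines:
        hit = parse_rollover(line)
        if hit is None:
            continue
        s = stats[(hit["source"], hit["channel"])]
        s["warnings"] += 1
        s["skipped"] += hit["skipped"]
        s["max_gap"] = max(s["max_gap"], hit["skipped"])
        s["resets"] += int(hit["reset"])
    return dict(stats)

# Constructed sample lines in the format of the warning from the question.
PREFIX = "loghybrid1 NwLogCollector[1568]: [WindowsCollection] [warning]"
TAIL = "[processing] [WorkUnit] [processing] Log for channel Security may have rolled over."
SAMPLE = [
    f"Dec 18 02:36:46 {PREFIX} [dc01.example.test] {TAIL} Previous/Current record number: 775648485/775648488.",
    f"Dec 18 02:41:10 {PREFIX} [dc01.example.test] {TAIL} Previous/Current record number: 775650000/775650101.",
    f"Dec 18 02:45:02 {PREFIX} [dc02.example.test] {TAIL} Previous/Current record number: 5120/12.",
    "Dec 18 02:45:03 loghybrid1 sshd[2210]: Accepted publickey for admin from 192.0.2.10",
]

if __name__ == "__main__":
    for (source, channel), s in sorted(summarize(SAMPLE).items()):
        print(f"{source} {channel}: {s}")
```
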