Event viewer security logs not updating

  • Question

  • Hi everyone,

    First off, thanks to everyone on this forum for the help and feedback given to techies everywhere. It's really helpful and appreciated.

    I have an issue I'm struggling with. I have 2 Windows 2012 AD servers and 1 2008. AD audit logs (logon/log off success/failure etc.) are not showing up on the 2012 servers but are being logged on the 2008 server. When I check security logs on the 2012 servers, I keep getting this log: "The event logging service has shut down. (EventID:1100)". Auditing is deployed via GPO. Any ideas?

    Tuesday, February 9, 2016 7:07 AM

All replies

  • Hi,

    Please check if the event log file is too large or corrupt.

    Please try to rename the event log file and restart the event logging service. It will let the service re-create a new file.

    If issue persists, please use auditpol to check the audit policy.

    Best Regards.

    Steven Lee

    Wednesday, February 10, 2016 6:41 AM
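The checks suggested in the reply above, as an added example that is not part of the original thread: read-only commands that inspect the Security log, the Event Log service, occurrences of event 1100 and the effective audit policy. It assumes an elevated PowerShell session on the affected 2012 server; the two audit categories queried are chosen here for the logon/logoff events the question mentions.

```powershell
# Added example: read-only diagnostics, nothing here changes configuration.

# 1. Security log state: current size against the configured maximum,
#    retention mode and the path of the backing .evtx file.
Get-WinEvent -ListLog Security |
    Format-List LogName, IsEnabled, LogMode, FileSize, MaximumSizeInBytes, LogFilePath

# 2. Event Log service state and start type as the service manager sees it.
Get-CimInstance Win32_Service -Filter "Name='EventLog'" |
    Format-List Name, State, StartMode

# 3. Most recent 1100 events ("The event logging service has shut down").
#    Their timestamps can be compared with the times the server was restarted.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1100 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -AutoSize -Wrap

# 4. Effective audit policy on this machine, per subcategory.
#    "No Auditing" here means the GPO setting is not taking effect locally.
auditpol /get /category:"Logon/Logoff"
auditpol /get /category:"Account Logon"

# 5. Whether subcategory (advanced) audit settings override the legacy
#    category settings. 1 = override enabled; empty output = value not set.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa.SCENoApplyLegacyAuditPolicy

# 6. Which GPOs were actually applied to the computer.
gpresult /r /scope computer
```

Running the same commands on the 2008 server that logs correctly gives a baseline to compare the output against.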
  • Hi,

    The file was about 300MB. Renamed it and a new one was created but still getting "event log service is shutdown".

    Any specific pointers on how to check with auditpol?

    Wednesday, February 10, 2016 9:07 AM
  • Start the event log service manually in your "services".

    Best Regards,


    Netwrix Technical Evangelist


    Friday, February 12, 2016 10:56 AM
  • Hi,

    That's the baffling thing. The service is running but logs report it's shutdown. Can't upload pics; my account is not verified (work in progress).


    Friday, February 12, 2016 11:25 AM
  • Friday, February 19, 2016 9:36 AM