KnowledgeBase Event Repository

This site is the central interface to the Adiscon Event Repository

  • Details for this entry
  • Eventlog Type: Security
    Eventlog Source: Security
    Event ID: 517
    Full Description: The security log was cleared.
    Parameter Description:
    The audit log was cleared
    %n
    %tPrimary User Name:%t%1%n
    %tPrimary Domain:%t%2%n
    %tPrimary Logon ID:%t%3%n
    %tClient User Name:%t%4%n
    %tClient Domain:%t%5%n
    %tClient Logon ID:%t%6%n
    More Information:
    Cause

    This event record indicates that the audit log has been cleared. This event is always recorded, regardless of the audit policy; it is recorded even if auditing is turned off. The audit log should be saved to a file before it is cleared. Always keeping copies of audit logs is good practice for catching fraudulent users: a user with sufficient privileges can clear the audit log to erase evidence of tampering with the computer systems and files. A backed-up audit log will help trace an unauthorized user. Once cleared, an audit log is lost unless a copy was made and saved beforehand.

    Resolution

    Always save copies of your audit logs before deleting them.

  • Software Vendor: Microsoft
    Accessed: 4007
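The parameter description above is a Windows message template: `%n` is a line break, `%t` a tab, and `%1` to `%6` are the insertion strings. As an added example (not part of the Adiscon entry), the Python below compiles such a template into a parser for rendered messages, so a collector can pull the six account fields out of an Event ID 517 record; it works for any template of this shape. The names `compile_template` and `parse_event` are hypothetical and the sample message is constructed.

```python
import re

# Template from the entry, joined into one string (assumption: the listing's line breaks are display only).
TEMPLATE_517 = (
    "The audit log was cleared%n"
    "%tPrimary User Name:%t%1%n"
    "%tPrimary Domain:%t%2%n"
    "%tPrimary Logon ID:%t%3%n"
    "%tClient User Name:%t%4%n"
    "%tClient Domain:%t%5%n"
    "%tClient Logon ID:%t%6%n"
)
TOKEN = re.compile(r"%(n|t|\d+)")

def compile_template(template):
    """Build a regex and an {index: label} map from a message template."""
    parts, labels, pos, last_text = [], {}, 0, ""
    for m in TOKEN.finditer(template):
        literal = template[pos:m.start()]
        last_text = literal or last_text     # label = nearest text before %N
        parts.append(re.escape(literal))
        tok = m.group(1)
        if tok == "n":      # line break: accept CRLF, LF or end of text
            parts.append(r"[ \t]*(?:\r?\n|$)")
        elif tok == "t":    # tab: accept collectors that turn it into spaces
            parts.append(r"[ \t]*")
        else:               # %1..%N insertion string, confined to one line
            labels[int(tok)] = last_text.rstrip(": ")
            parts.append(rf"(?P<p{tok}>[^\r\n]*?)")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts)), labels

def parse_event(template, message):
    """Return {label: value} for a rendered message, or None if it does not fit."""
    regex, labels = compile_template(template)
    m = regex.search(message)
    return {labels[i]: m.group(f"p{i}") for i in sorted(labels)} if m else None

# Constructed sample message (not taken from a real log).
SAMPLE = (
    "The audit log was cleared\r\n"
    "\tPrimary User Name:\tSYSTEM\r\n"
    "\tPrimary Domain:\tNT AUTHORITY\r\n"
    "\tPrimary Logon ID:\t(0x0,0x3E7)\r\n"
    "\tClient User Name:\tjdoe\r\n"
    "\tClient Domain:\tEXAMPLE\r\n"
    "\tClient Logon ID:\t(0x0,0x1A2B3)\r\n"
)
```

Calling `parse_event(TEMPLATE_517, SAMPLE)` returns a dictionary keyed by the field labels from the template, which can be forwarded to an alert or stored alongside the archived log copy.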

Discuss the Event

Discussion for KB Entry 66 - Event ID 517

by knowledgebase on Sat May 31, 2008 9:51 pm

This is the discussion thread for the Knowledge Base Entry 66

Eventlog Type: Security
Eventlog Source: Security
Event ID: 517

Short Description:
The security log was cleared.

About the KnowledgeBase Event Repository

This is a repository of known Windows events, where possible together with a description of what each event means, when it appears and how to troubleshoot it. The event repository was initially provided as a tool for parser creation but has since evolved. It is now part of the overall knowledgebase in the hope that it provides a useful service to the community. Please add your comments and questions (which we try to answer), as this increases the event repository's usefulness for all of us.
