This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Log for channel Security may have rolled over

Go to solution
Anonymous
Not applicable

‎2019-12-17 10:29 PM

On our Endpoint Log Hybrid (Not a legacy collector), I'm seeing the following errors in the /var/log/messages file for all of our Windows Event Sources.

 

Dec 18 02:36:46 <END_LOG_HYBRID> NwLogCollector[1568]: [WindowsCollection] [warning] [<AD_DOMAIN_CONTROLLER>] [processing] [WorkUnit] [processing] Log for channel Security may have rolled over. Previous/Current record number: 775648485/775648488.

 

 

I've followed the suggestions in this document 000029686 - Windows legacy log collection warning message "System may have rolled over" in RSA Netwitness  but it doesn't seem to make a difference.

 

Our current event log settings on the Domain Controller.

pastedImage_2.png

 

Settings within the Log Collector configuration

pastedImage_3.png

pastedImage_4.png

0 Likes
10 REPLIES 10

Go to solution
DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor
In response to Anonymous

‎2019-12-26 06:58 PM

You are correct. It's a WinRM issue only

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.