I am currently trying to integrate windows aggregators in our environment. The problem that I am facing is related to the rolling of a channel for the windows logs. I have the following error in the logs:
Log for channel Security may have rolled over. Previous/Current record number: xxxx/xxxx.
As per the RSA link, I have increased the maximum log storage size to 2 GB from 20 MB on the windows aggregator and also tried to change the polling duration. However, this is still not fixing the issue.
I have been trying with different Poll interval / Poll duration and maximum events. Still, I keep getting the same rollover error. Is there a way to derive an optimum setting for polling interval/ poll duration and maximum events ? Thanks for the assistance in advance.
Thanks for the response. I have used the same link you suggested and increased the maximum log size as well as tried to even set poll interval as -1 and maximum number of logs as 0 (which means unlimited) however it still comes back with this error.
I am not sure what else needs to be done for this error to not appear. Any suggestions ?