HostedDB - Dedicated UNIX Servers
Q. How can I configure the system to stop when the security log is full?

Q. How can I configure the system to stop when the security log is full?

A. To avoid security logs being lost you can configure the system to halt if the security log becomes full so that only Administrators can logon, they can then archive the log and purge

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. If CrashOnAuditFail exists then skip to step 4, if not from the Edit menu select New - DWORD value and enter a name of CrashOnAuditFail. Click OK
  4. Double click on CrashOnAuditFail and set to either:
    1 - Stop if the audit log is full
    2 - This is set by the operating system just before the system crashes due to a full audit log. When set to 2 only the administrator can logon.
  5. Close the registry editor

When this happens the OS will display a BSOD.

This FAQ is copyright © 1999 John Savill (SavillTech Ltd). No part of this document should be reproduced, distributed or altered without my written permission. Contact Information.