The following warning is recorded in the InTrust server log:
"The event backup directory on agent 'server.domain.com' has exceeded its size limit. Some files were deleted. For the '{A8CFC803-CDAD-47C5-B195-4C043A4F4BC7}' data source, records in the following date range were removed: from Mon Mar 15 04:18:01 2010 GMT to Mon Mar 15 04:20:13 2010."
The warning described above refers to the agent-side backup cache retention. The default cache size is 1GB and events are retained for max 8 days. When the compressed cache size reaches 1GB the oldest and busiest log cache file is deleted. If cache files must be purged before 8 days this message will be displayed.
The GUID {A8CFC803-CDAD-47C5-B195-4C043A4F4BC7} refers to the Security log and is usually the log you will see referenced in these types of events as it will be the busiest log most times. In this case, 'server.domain.com' is collecting 1GB of compressed data every day or so. Based on the time stamp in the event (Mon Mar 15 04:18:01 2010 GMT to Mon Mar 15 04:20:13 2010) the machine is writing 64MB of security log every 2 minutes (each cache file is ~64MB uncompressed).
It may be ignored if you have collecting the events before the events are lost. You may also wish to increase the cache size or investigate what is causing the large amounts of events in the security logs.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center