Live Demo
Free Edition
Download NowEvent ID 1105 – Event Log Automatic Backup
| Event ID | 1105 |
| Category | Non Audit (Event Log) |
| Sub-category | Other Events (Log Automatic Backup) |
| Type | Success Audit |
| Description | Event log is backed up automatically. |
When the Windows security log becomes full, and the retention method has been set to "Archive the log when full, do not overwrite events", event ID 1105 is logged. The event log is backed up, and a new log file is created.
The archived log file's name is of the format:
"Archive-LOG_FILE_NAME-YYYY-MM-DD-hh-mm-ss-nnn.evtx".
This log data provides the following information:
- Log
- File
Why does event ID 1105 need to be monitored?
This is only an informational event and does not require monitoring. However, if overwriting of the event logs is the setting and this event is generated, it implies that settings might have been changed by someone else.
Pro Tip:
With in-depth reports, real-time alerts, and options for activities like automatic archiving, ADAudit Plus handles all log related non-audit events, helping you meet your security, operational, and compliance needs with absolute ease.
Event 1105 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools