Message: “Couldn’t read last record for Security log (state 87) – nLastRecord set to 0 to recover.”
This actually is no error, but a status message. There can be three reasons for this message:
- This message occurs when by any chance the last entry in the event log gets deleted. By the network administrator or however. Because of this, nLastRecord (which keeps the track of last entry in the event log), which contains the last event log record read (of the particular event log part), is reset to 0. This parameter is usually not to be modified. If you would like to get a complete dump of your event log instantly, enter 0 in this parameter. There is a setting for this message in the options of the event log monitor service, called “Report truncated log”. If this option is checked, the message appears if a log is somehow truncated.
If for any reason EvntSLog is unable to read the event log (e. g. truncated by administrator), it will reset nLastRecord to 0 automatically (that event, too, is logged in the NT application event log). The EventReporter manual will give you more information on this message.
- There can be one more reason for this message; that the Eventlog has become corrupted at some position. You can verify this by scrolling through the Eventlog with the EventViewer. If it is indeed corrupted, an error message will pop up.
- Third party applications that run on the same machine and interfere or lock the event log. One such application is the ISS RealSecure Server Sensor.
Please note that this information is only applicable to EventReporter 6.x and MonitorWare Agent.