I have modified the script found here\n[URL]http://www.microsoft.com/technet/scriptcenter/scripts/logs/eventlog/lgevvb17.mspx[/URL]\n\nto monitor event ID 560. This is running on a Windows 2000 Enterprise\nServer that gets a lot of entries in the security log. Eventually my script\nreturns an error:\nSWbemEventSource: Event queue overflowed.\n\nNot much on this error online. I did find that the wbemess.log file\ncontains this entry:\n(Mon Feb 05 13:30:47 2007) : The limit of 2000000 was exceeded for events\nheld for consumers. The system is under extreme stress and out-of-memory\nconditions can ensue\n\nThe server has .Net 2.0 installed, not 1.0 which apparently there may have\nbeen a hotfix for.\n\nAny ideas on how to get around this error?\n\nThanks.