Why does the Security log sometimes fail to capture logon and logoff events, while the System and Application logs work fine? In Event Viewer, the Security log size is set at 512KB and the Data older than 7 days will be overwritten option is selected.
The most probable reason is that new events are pouring into the Security log faster than older events are expiring. At 512KB, your log is pretty small to hold 7 days worth of audit data. When the log fills up and no events are older than 7 days, Windows stops logging events until some expire and can be overwritten. The reason the Application and System logs don't exhibit this problem is that these two logs are far less busy than the Security log. I recommend that you increase the size of your log to at least 10MB and consider changing the log to automatically overwrite older events with newer ones.
