Configuring Security Event Log Size and Retention Settings
Security event log size and retention settings can be configured
locally on each computer or applied to all target computers through a GPO.
Local Configuration
- Open Run (Start -> Run) and type eventvwr.msc
- Right-click the "Security" log (Event Viewer -> Windows Logs -> Security) and select "Properties"
- Configure "Maximum log size" as defined in the table below
- Set the "When maximum event log size is reached" retention method for the security log to "Overwrite Events As Needed"
GPO Configuration
- Open GPMC
- Edit the corresponding GPO (FIM on DomainControllers, FIM on Member Servers)
- Navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Event Log
- Configure "Maximum security log size" as defined in the table below
- Set "Retention method for security log" to "Overwrite Events As Needed"
Recommended Security Log Size
| Role | OS of the target computer | Log size (MB) |
|---|---|---|
| Domain Controller | Windows Server 2003 | 307 |
| Domain Controller | Windows Server 2008 and above | 1048 |
| File Server | Windows Server 2003 | 307 |
| File Server | Windows Server 2008 and above | 4194 |
| Member Server | Windows Server 2003 | 307 |
| Member Server | Windows Server 2008 and above | 1048 |
| Workstation | Windows XP | 307 |
| Workstation | Windows Vista and above | 1048 |
Note: Ensure the security event log holds a minimum of 12 hours of data.
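The settings above can be verified on a target computer with a short read-only script. This is an added example, not part of the original documentation: it compares the local Security log's maximum size and retention mode with the table and checks the 12-hour note. Assumptions: it covers only the "2008 / Vista and above" rows (Get-WinEvent is not available on older systems), reads the table's MB as 10^6 bytes, and treats a log file at 90% of its maximum size as having started to overwrite.

```powershell
# Added example: audit the local Security log against the recommended settings.
# Read-only. Run from an elevated prompt on Windows Vista / Server 2008 or later.
param(
    # A file server cannot be told apart from a member server automatically; pass it explicitly.
    [ValidateSet('Domain Controller', 'File Server', 'Member Server', 'Workstation')]
    [string]$Role
)

# Recommended sizes (MB) from the table, "2008 / Vista and above" rows only.
$RecommendedMB = @{
    'Domain Controller' = 1048
    'File Server'       = 4194
    'Member Server'     = 1048
    'Workstation'       = 1048
}
$BytesPerMB = 1e6   # assumption: table MB = 10^6 bytes; use 1MB (2^20) for the stricter reading
$MinHours   = 12    # from the note: the log must hold at least 12 hours of data

if (-not $Role) {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $Role = switch ((Get-CimInstance Win32_OperatingSystem).ProductType) {
        1       { 'Workstation' }
        2       { 'Domain Controller' }
        default { 'Member Server' }
    }
}

$log      = Get-WinEvent -ListLog Security
$required = [long]($RecommendedMB[$Role] * $BytesPerMB)
$oldest   = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
$hours    = ((Get-Date) - $oldest.TimeCreated).TotalHours

# The 12-hour check only means something once the log has filled and begun overwriting.
# Assumption (heuristic): a file at 90% of the maximum size counts as full.
$wrapped = $log.FileSize -ge 0.9 * $log.MaximumSizeInBytes

[pscustomobject]@{
    Role          = $Role
    MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / $BytesPerMB)
    RecommendedMB = $RecommendedMB[$Role]
    SizeOK        = $log.MaximumSizeInBytes -ge $required
    RetentionOK   = $log.LogMode -eq 'Circular'   # Circular = "Overwrite Events As Needed"
    HoursRetained = [math]::Round($hours, 1)
    TwelveHourOK  = if ($wrapped) { $hours -ge $MinHours } else { 'n/a (log not yet full)' }
}
```

If TwelveHourOK is False, the log is overwriting events in under 12 hours and the maximum size needs to be raised above the table value.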
Copyright © 2017, ZOHO Corp. All Rights Reserved.