Click here to shrink
Click here to expand Click here to expand

Configuring event log settings

Event log size needs to be defined to prevent loss of audit data due to overwriting of events.

  • Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, then select Edit.
    To enable FIM on Right-click
    Domain controller Default Domain Controllers Policy GPO
    Windows server ADAuditPlusMSPolicy GPO
    Workstation ADAuditPlusWSPolicy GPO
  • Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
  • Set Retention method for security log to Overwrite events as needed.
  • Configure the Maximum security log size as defined below. Ensure that the security log can hold a minimum of 12 hours’ worth of data.
Role Operating system Size
Domain controller Windows Server 2003 512 MB
Domain controller Windows Server 2008 and above 1,024 MB
Member server Windows Server 2003 512 MB
Member server Windows Server 2008 and above 4,096 MB
Workstation Windows 10, 8, 7, Vista, and XP 512 MB

Configure security log size and retention settings

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try OnboardPro

     

On this page

Copyright © 2020, ZOHO Corp. All Rights Reserved.

Get download link