Configure event log settings in your domain

Event log size needs to be defined to prevent loss of audit data due to overwriting of events. To configure event log size and retention settings, follow the steps outlined below:

1. Log in to any computer that has the GPMC with Domain Admin credentials. Open the GPMC, right-click ADAuditPlusMSPolicy, then select Edit.
2. In the Group Policy Management Editor, select Computer Configuration →  Policies → Windows Settings → Security Settings → Event Log.
3. Navigate to the right pane and right-click on Retention method for security log. Select Properties → Overwrite events as needed.
4. Navigate to the right pane, then right-click Maximum security log size and define the size as directed in the table below.