Big savings, Better ROI! Exclusive discounts on ManageEngine Products!* Boost your business *T&C apply

Home

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Click here to expand

Configuring event log settings

Event log size needs to be defined to prevent audit data loss due to events getting overwritten. To configure event log size and retention settings, follow the steps outlined below-

Log in to any computer that has the Group Policy Management Console (GPMC), with Domain Admin credentials → Open GPMC → Right click on Default Domain Controllers Policy → Edit.
In the Group Policy Management Editor → Computer Configuration → Policies → Windows Settings → Security Settings → Event Log.
Navigate to the right pane → Right click on Retention method for security log → Properties → Overwrite events as needed.
Navigate to the right pane → Right click on Maximum security log size → Define size as directed in the table below.

Note: Ensure security event log holds minimum of 12hrs of data.

Role	Operating System	Size
Domain Controller	Windows Server 2003	512 MB
Domain Controller	Windows Server 2008 and above	1024 MB

active-directory-audit-configuring-event-log-settings

Don't see what you're looking for?

Visit our community

Post your questions in the forum.
Request additional resources

Send us your requirements.
Need implementation assistance?

Try onboarding

Help Document

Configuring event log settings

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?

On this page