Go Up
You are here: DeploymentConfigure IT InfrastructureActive DirectoryConfigure Security Event Log Size and Retention Settings

Adjusting Security Event Log Size and Retention Settings

Defining the Security event log size is essential for change auditing. If the log size is insufficient, overwrites may occur before data is written to the Long-Term Archive and the Audit Database, and some audit data may be lost.

To prevent overwrites, you can increase the maximum size of the Security event log and set retention method for this log to “Overwrite events as needed”.

To adjust your Security event log size and retention method, follow the procedure described below.

NOTE: To read about event log settings recommended by Microsoft, refer to this article.

Auto-archiving Security Log (optional)

If "Overwrite" option is not enough to meet your data retention requirements, you can use auto-archiving option for Security event log to preserve historical event data in the archive files. This option can be enabled centrally for all domain controllers, using the procedure described below. In such scenario, the logs will be automatically archived when necessary (no events will be overwritten).

With the automatic log backup enabled, you may want to adjust the retention settings for log archives (backups). Default retention period for these files is 50 hours; when it expires, log archives are deleted. To adjust this setting, follow this procedure described below.

Go Up