Configure Security Event Log Size and Retention Settings

Adjust Security Event Log Size and Retention Settings

The Security event log of a domain controller is essential for change auditing of your Active Directory. If the log is too small, events may be overwritten before Netwrix Auditor stores the event data in its long-term archive and audit database, and some information may be lost.

To prevent overwrites, you can increase the maximum size of the Security event log and set the retention method for this log to “Overwrite events as needed”.

To adjust the domain controller's Security event log size and retention method, follow the procedure described below.

NOTE: To read about event log settings recommended by Microsoft, refer to this article.
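To confirm that the size and retention settings actually took effect on each domain controller, a read-only check like the following can be run from an administrative workstation. This is an added example, not part of the Netwrix documentation or product; it assumes the RSAT ActiveDirectory module is installed and the account can read the Security log remotely, and the two thresholds are illustrative values rather than vendor recommendations.

```powershell
# Added example, not Netwrix code. Read-only check of the Security log on every DC.
# Assumptions: RSAT ActiveDirectory module; rights to read the Security log remotely.
# $MinSizeMB and $MinCoverageHours are illustrative thresholds, not vendor values.
param(
    [int]$MinSizeMB = 1024,
    [int]$MinCoverageHours = 24
)

Import-Module ActiveDirectory

$report = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    try {
        $log    = Get-WinEvent -ListLog Security -ComputerName $dc -ErrorAction Stop
        # The oldest record still present shows how far back the log reaches right now.
        $oldest = Get-WinEvent -LogName Security -ComputerName $dc -Oldest -MaxEvents 1 -ErrorAction Stop
        $hours  = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalHours, 1)
        $maxMB  = [math]::Round($log.MaximumSizeInBytes / 1MB)
        # A log at (or near) its size limit has started wrapping or archiving.
        $atLimit = $log.FileSize -ge (0.95 * $log.MaximumSizeInBytes)

        $finding = switch ($log.LogMode.ToString()) {
            'Retain'     { 'Do not overwrite: new events are dropped when the log fills'; break }
            'AutoBackup' { 'Auto-archive: check free disk space for archive files'; break }
            'Circular'   {
                if ($maxMB -lt $MinSizeMB) { "Overwrite as needed, but only $maxMB MB" }
                elseif ($atLimit -and $hours -lt $MinCoverageHours) {
                    "Overwrite as needed, but log holds only $hours h of events"
                }
                else { 'OK' }
            }
        }
        [pscustomobject]@{ DC = $dc; Mode = $log.LogMode; MaxMB = $maxMB
                           CoverageHours = $hours; Finding = $finding }
    }
    catch {
        [pscustomobject]@{ DC = $dc; Mode = $null; MaxMB = $null
                           CoverageHours = $null; Finding = "Query failed: $($_.Exception.Message)" }
    }
}

$report | Sort-Object Finding, DC | Format-Table -AutoSize
```

A short CoverageHours value on a busy domain controller in Circular mode is the condition under which events can be overwritten before they are collected.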

Auto-archiving Security Log (optional)

If the "Overwrite" option is not enough to meet your data retention requirements, you can use the auto-archiving option for the Security event log to preserve historical event data in archive files. This option can be enabled centrally for all domain controllers, using the procedure described below. In this scenario, the logs will be automatically archived when necessary (no events will be overwritten).

Now the automatic log backup is enabled.

Using Netwrix Auditor to Remove Outdated Log Backups

You can instruct Netwrix Auditor to keep log archives (backups) for a specified period of time. When that period expires, Netwrix Auditor will delete the log archives from the target domain controllers. To configure the related Netwrix Auditor settings, use the registry key and set the required value, as described below.

See also Registry Keys for Monitoring Active Directory.

