The procedure below describes one of the possible ways to adjust event log settings. If you have multiple target computers, you need to perform this procedure on each of them.
NOTE: If you move security log files from the default system folder to a non-default one, you must reboot your target server for the reports and search functionality to work properly.
- On a target server, navigate to Start → Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) → Event Viewer.
Navigate to Event Viewer tree → Windows Logs, right-click Security and select Properties.
Make sure Enable logging is selected.
- In the Maximum log size field, specify the size—4GB.
Make sure Do not overwrite events (Clear logs manually) is cleared. If selected, change the retention method to Overwrite events as needed (oldest events first).
NOTE: Make sure the Maximum security log size group policy does not overwrite your log settings. To check this, start the Group Policy Management console, proceed to the GPO that affects your server, and navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Event Log.