Configure Event Log Size and Retention Settings

To prevent data loss, you need to specify the maximum size for the following event logs: Application, Security, System, Microsoft-Windows-TaskScheduler/Operational, and Microsoft-Windows-DNS-Server/Audit (only for DCs running Windows Server 2012 R2 and above). The procedure below provides you with just one of a number of possible ways to specify the event log settings. If you have multiple target computers, you need to perform this procedure on each of them.

To configure the event log size and retention method

  1. On a target server, navigate to Start > Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) > Event Viewer.
  2. Navigate to Event Viewer tree > Windows Logs, right-click Security and select Properties.

  3. Make sure Enable logging is selected.

  4. In the Maximum log size field, specify the size—4GB.
  5. Make sure Do not overwrite events (Clear logs manually) is cleared. If selected, change the retention method to Overwrite events as needed (oldest events first).

NOTE: Make sure the Maximum security log size group policy does not overwrite your log settings. To check this, start the Group Policy Management console, proceed to the GPO that affects your server, and navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.

  6. Repeat these steps for the following event logs:

    • Windows Logs > Application
    • Windows Logs > System
    • Applications and Services Logs > Microsoft > Windows > TaskScheduler > Operational (Microsoft-Windows-TaskScheduler/Operational)

      NOTE: Configure the setting for this log only if you want to monitor scheduled tasks.

    • Applications and Services Logs > Microsoft > Windows > DNS-Server > Audit

      NOTE: Configure setting for DNS log only if you want to monitor DNS changes. The log is available on Windows Server 2012 R2 and above and is not enabled by default. See Microsoft documentation for more information on how to enable this log.
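The same settings can be applied and verified from an elevated PowerShell session, which helps when the procedure has to be repeated on many servers. This is an added example, not part of the original procedure or vendor code; the function name Set-AuditLogSettings is hypothetical, and the log names and 4GB size are taken from the steps above.

```powershell
# Added example (not vendor code). Run elevated on the target server.
# Set-AuditLogSettings is a hypothetical helper name.
function Set-AuditLogSettings {
    param(
        # Defaults cover the three Windows Logs; pass the optional logs explicitly.
        [string[]]$LogName = @('Security', 'Application', 'System'),
        [long]$MaxSizeBytes = 4GB   # step 4: maximum log size
    )
    foreach ($name in $LogName) {
        $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
        if (-not $log) {
            # For example, the DNS audit log on a server without the DNS role.
            [pscustomobject]@{ Log = $name; Status = 'Not present'
                               Enabled = $null; MaxSizeGB = $null; Mode = $null }
            continue
        }
        try {
            $log.IsEnabled          = $true          # step 3: Enable logging
            $log.MaximumSizeInBytes = $MaxSizeBytes  # step 4
            # step 5: Overwrite events as needed (oldest events first)
            $log.LogMode = [System.Diagnostics.Eventing.Reader.EventLogMode]::Circular
            $log.SaveChanges()
            $status = 'Applied'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        # Read the configuration back instead of trusting the write.
        $now = Get-WinEvent -ListLog $name
        [pscustomobject]@{
            Log       = $name
            Status    = $status
            Enabled   = $now.IsEnabled
            MaxSizeGB = [math]::Round($now.MaximumSizeInBytes / 1GB, 2)
            Mode      = $now.LogMode   # Circular = overwrite oldest first
        }
    }
}

# Windows Logs plus the Task Scheduler log (only if scheduled tasks are monitored).
# Add 'Microsoft-Windows-DNS-Server/Audit' only if DNS changes are monitored.
Set-AuditLogSettings -LogName @(
    'Security', 'Application', 'System',
    'Microsoft-Windows-TaskScheduler/Operational'
) | Format-Table -AutoSize
```

If the reported size or mode reverts after the next Group Policy refresh, check the Event Log policy described in the NOTE above.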
