Go Up
You are here: AdministrationAdditional ConfigurationFine-tune Netwrix Auditor with Registry KeysEvent Log Monitoring

Registry Keys for Monitoring Event Log

Review the basic registry keys that you may need to configure for monitoring event logs with Netwrix Auditor. Navigate to Start Run and type "regedit".

Registry key (REG_DWORD type) Description / Value
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Netwrix Auditor\Event Log Manager\<monitoring plan name>\Database Settings

ConnectionTimeout

Defines SQL database connection timeout (in seconds).

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Netwrix Auditor\Event Log Manager\<monitoring plan name>\ElmDbOptions

BatchTimeOut

Defines batch writing timeout (in seconds).

DeadLockErrorCount

Defines the number of write attempts to a SQL database.

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Netwrix Auditor\Event Log Manager

CleanAutoBackupLogs

Defines the retention period for the security log backups:

  • 0—Backups are never deleted from Domain controllers
  • [X]— Backups are deleted after [X] hours

ProcessBackupLogs

Defines whether to process security log backups:

  • 0—No
  • 1—Yes

NOTE: Even if this key is set to "0", the security log backups will not be deleted regardless of the value of the CleanAutoBackupLogs key.

WriteAgentsToApplicationLog

Defines whether to write the events produced by the Netwrix Auditor Event Log Compression Service to the Application Log of a monitored machine:

  • 0—Disabled
  • 1—Enabled

WriteToApplicationLog

Defines whether to write events produced by Netwrix Auditor to the Application Log of the machine where the product is installed:

  • 0—No
  • 1—Yes

Go Up