Big savings, Better ROI! Exclusive discounts on ManageEngine Products!* Boost your business *T&C apply
    Click here to shrink
    Click here to expand Click here to expand

    Configuring event log settings for EMC server auditing

    By default, the event log size is set to 512KB, beyond which events will be overwritten. To change the event log size, the location of the event log file must be changed from its default. To do this, follow the steps below:

    Moving the event log file:

    • Create a new volume in the EMC file system by navigating to Storage > File > File Systems tab > Create new file system.
    • Create a new hidden share in that volume by navigating to Storage > File > SMB Shares > Create share. Select the file system that you created in the previous step. Once the SMB share is created, copy its local path along with the drive letter. Alternatively, you can obtain the local path under Computer Management console > System Tools > Shared Folders > Shares > right-click the hidden share > Properties > Folder path.
    • Go to Run > regedit > File > Connect Network Registry > type the EMC CIFS server's name.
    • Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Eventlog > Security > Security.
    • Provide the local path of the hidden share (created in step ii) as the key Name under File > [Local Path of the Audit Log]. The default location of the event log file will now be updated.

    Configuring archive settings:

    • Go to Run > eventvwr > right-click Event Viewer > Connect to Another Computer > type the target EMC CIFS server's name.
    • Navigate to Security Log > right-click Properties > select Do not overwrite events.
    • Go to Run > regedit > File > Connect Network Registry > type the target EMC CIFS server's name.
    • Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Eventlog > Security > Security.
    • Provide the values below for the archive settings:
      • AutoArchiveEnabled: 1
      • AutoArchiveTriggerPolicySize: 512MB
      • AutoArchiveRetentionPolicySize: 10GB

    To verify that the changes have been synced with ADAudit Plus, log in to the ADAudit Plus web console and navigate to File Audit > Configured Servers > EMC Server > click the EMC Audit Options icon. If the changes haven't been reflected, click Refresh in the top-right corner of the table.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding

       

    On this page

    Get download link