Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Configuring event log settings for EMC server auditing

By default, the event log size is set to 512KB, beyond which events will be overwritten. To change the event log size, the location of the event log file must be changed from its default. To do this, follow the steps below:

  • Moving the event log file:
    • Create a new volume in the EMC file system by navigating to Storage > File > File Systems tab > Create new file system.

      Configure event log settings

      Configure event log settings

    • Create a new hidden share in that volume by navigating to Storage > File > SMB Shares > Create share. Select the file system that you created in the previous step. Once the SMB share is created, copy its local path along with the drive letter. Alternatively, you can obtain the local path under Computer Management console > System Tools > Shared Folders > Shares > right-click the hidden share > Properties > Folder path.

      Configure event log settings

      Configure event log settings

    • Go to Run > regedit > File > Connect Network Registry > type the EMC CIFS server's name.
    • Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Eventlog > Security > Security.

      Configure event log settings

    • Provide the local path of the hidden share (created in step ii) as the key Name under File > [Local Path of the Audit Log]. The default location of the event log file will now be updated.
  • Configuring archive settings:
    • Go to Run > eventvwr > right-click Event Viewer > Connect to Another Computer > type the target EMC CIFS server's name.
    • Navigate to Security Log > right-click Properties > select Do not overwrite events.
    • Go to Run > regedit > File > Connect Network Registry > type the target EMC CIFS server's name.
    • Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Eventlog > Security >Security.

      Configure event log settings

    • Provide the values below for the archive settings:
      • AutoArchiveEnabled: 1
      • AutoArchiveTriggerPolicySize: 512MB
      • AutoArchiveRetentionPolicySize: 10GB

To verify that the changes have been synced with ADAudit Plus, log in to the ADAudit Plus web console and navigate to File Audit > Configured Servers > EMC Server > click the EMC Audit Options icon. If the changes haven't been reflected, click Refresh in the top-right corner of the table.

Configure event log settings

ADAudit Plus Trusted By