Related Products
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo

Click here to expand

Configuring event log settings

Event log size needs to be defined to prevent loss of audit data due to overwriting of events.

Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, then select Edit.

To enable FIM on	Right-click
Domain controller	Default Domain Controllers Policy GPO
Windows server	ADAuditPlusMSPolicy GPO
Workstation	ADAuditPlusWSPolicy GPO

Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
Set Retention method for security log to Overwrite events as needed.
Configure the Maximum security log size as defined below. Ensure that the security log can hold a minimum of 12 hours’ worth of data.

Role	Operating system	Size
Domain controller	Windows Server 2003	512 MB
Domain controller	Windows Server 2008 and above	1,024 MB
Member server	Windows Server 2003	512 MB
Member server	Windows Server 2008 and above	4,096 MB
Workstation	Windows 10, 8, 7, Vista, and XP	512 MB

Configure security log size and retention settings

Don't see what you're looking for?

Visit our community

Post your questions in the forum.
Request additional resources

Send us your requirements.
Need implementation assistance?

Try OnboardPro

Configuring event log settings

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?

On this page