Configuring Security Event Log Size and Retention Settings
Security event log size and retention settings can be configured locally on each computer, or applied to all target computers through a GPO.
Local Configuration
- Open Run (Start -> Run), type eventvwr.msc
- Right-click the "Security" log (Event Viewer -> Windows Logs -> Security) and select "Properties"
- Configure "Maximum log size" as defined in the table below
- Configure "When maximum event log size is reached" retention method for security log to “Overwrite Events As Needed”
GPO Configuration
- Open GPMC
- Edit the corresponding GPO (FIM on DomainControllers, FIM on Member Servers)
- Navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Event Log
- Configure "Maximum security log size" as defined below
- Configure "Retention method for security log" to “Overwrite Events As Needed”
Recommended Security Log Size
Role | OS of the target computer | Log size (MB) |
Domain Controller | Windows Server 2003 | 307 |
Domain Controller | Windows Server 2008 and above | 1048 |
File Server | Windows Server 2003 | 307 |
File Server | Windows Server 2008 and above | 4194 |
Member Server | Windows Server 2003 | 307 |
Member Server | Windows Server 2008 and above | 1048 |
Workstation | Windows XP | 307 |
Workstation | Windows Vista and above | 1048 |
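To confirm that the size and retention settings have actually taken effect on the target computers, the following PowerShell script is an added example, not part of the original post. It covers the "Windows Vista / Server 2008 and above" rows only; the `-Role` and `-ComputerName` parameters are hypothetical names, and reading the table's "MB" as 1,000,000 bytes is an assumption.

```powershell
# Added example (not from the original post): audit the Security log on one or more
# computers against the recommended sizes for Windows Vista / Server 2008 and above.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [ValidateSet('DomainController', 'FileServer', 'MemberServer', 'Workstation')]
    [string]$Role = 'MemberServer'   # hypothetical parameter: table row to check against
)

# Recommended minimum sizes in MB, copied from the table (Vista / 2008 and above rows).
$recommendedMB = @{
    DomainController = 1048
    FileServer       = 4194
    MemberServer     = 1048
    Workstation      = 1048
}
# Assumption: the table's "MB" is read as 1,000,000 bytes; change this if you size in MiB.
$bytesPerMB = 1000000
$wantBytes  = [int64]$recommendedMB[$Role] * $bytesPerMB

$results = foreach ($computer in $ComputerName) {
    try {
        # EventLogConfiguration exposes the effective size limit and retention mode.
        $log = Get-WinEvent -ListLog Security -ComputerName $computer -ErrorAction Stop
        [pscustomobject]@{
            Computer    = $computer
            MaxSizeMB   = [math]::Floor($log.MaximumSizeInBytes / $bytesPerMB)
            RequiredMB  = $recommendedMB[$Role]
            SizeOK      = $log.MaximumSizeInBytes -ge $wantBytes
            # LogMode "Circular" corresponds to "Overwrite Events As Needed".
            LogMode     = $log.LogMode
            RetentionOK = $log.LogMode -eq 'Circular'
            Error       = $null
        }
    }
    catch {
        # Unreachable host or access denied: report it instead of silently skipping.
        [pscustomobject]@{
            Computer = $computer; MaxSizeMB = $null; RequiredMB = $recommendedMB[$Role]
            SizeOK = $false; LogMode = $null; RetentionOK = $false
            Error = $_.Exception.Message
        }
    }
}
$results | Format-Table -AutoSize
```

Run it from an elevated session with rights to read the Security log configuration on each target; a row with `SizeOK` or `RetentionOK` set to False indicates the local setting or GPO has not been applied there.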