Objective
This article guides you through the process of adjusting event log retention settings using ADAudit Plus. This is required so that the Event Viewer retains more events and the logs are not purged within a short span of time.
Prerequisites
Permission to change the log and security log retention settings in the Event Viewer on the target machines
Steps to follow
Step 1: Ensure the maximum log size is set to at least 4GB
Log in to the server where you need to modify the security log retention settings.
Go to Start > Run, type eventvwr, and press Enter to open the Event Viewer.
Expand Windows Logs > right-click Security > Properties.
Set Maximum log size (KB) to 4194240 KB, which is 4GB.
Click Apply and OK.
Step 2: Configure event log retention via Group Policy
Log in to the domain controller.
Go to Start > Run, type gpmc.msc, and press Enter to open the Group Policy Management Console.
Access and edit the ADAuditPlusPolicy GPO or whichever GPO is applied to the relevant servers or workstations.
Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies.
Choose Event Log.
In the right pane, right-click Retention method for security log, select Properties, and set overwrite events as needed.
In the right pane, right-click Maximum security log size, and set the size to 4194240 KB, which is 4GB.
Click OK.
Tips
These changes are best executed via GPO.
Do not configure more than 4GB in the event log retention settings.
You can use gpupdate /force to immediately apply the changes. Search for Command Prompt in the Start menu, right-click, and select Run as administrator to run the command.
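To confirm that the settings from Steps 1 and 2 took effect after the policy refresh, the following added example (not part of the original article or of ADAudit Plus) reports the Security log's configured maximum size, retention mode, and how many days of events it currently holds. The function name and its parameters are hypothetical; the 4194240 KB target is the value from this article.

```powershell
# Added example: report Security log size, retention mode and current coverage.
# Run from an elevated session; the Security log is not readable otherwise.
function Get-SecurityLogRetention {
    [CmdletBinding()]
    param(
        # Hypothetical default: the local machine. Pass server names to check remotely.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Target from this article: 4194240 KB.
        [long]$TargetSizeKB = 4194240
    )
    foreach ($computer in $ComputerName) {
        try {
            # Log configuration: maximum size, mode, current file size, record count.
            $log = Get-WinEvent -ListLog Security -ComputerName $computer -ErrorAction Stop
            # The oldest record still present shows how far back the log reaches.
            $oldest = Get-WinEvent -LogName Security -ComputerName $computer `
                -Oldest -MaxEvents 1 -ErrorAction Stop
            $maxKB = [long]($log.MaximumSizeInBytes / 1KB)
            [pscustomobject]@{
                Computer      = $computer
                MaxSizeKB     = $maxKB
                MatchesTarget = ($maxKB -eq $TargetSizeKB)
                LogMode       = $log.LogMode   # Circular, AutoBackup or Retain
                UsedPercent   = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
                Records       = $log.RecordCount
                OldestEvent   = $oldest.TimeCreated
                DaysCovered   = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
            }
        }
        catch {
            # Unreachable host, missing rights, or an empty log.
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    }
}

Get-SecurityLogRetention | Format-List
```

A high UsedPercent together with a low DaysCovered means events are being overwritten quickly even at the configured size.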