Configuring event log settings for EMC server auditing

By default, the event log size is set to 512KB, beyond which events will be overwritten. To change the event log size, the location of the event log file must be changed from its default. To do this, follow the steps below:

  • Moving the event log file:
    • Create a new volume in the EMC file system by navigating to Storage > File > File Systems tab > Create new file system.

    • Create a new hidden share in that volume by navigating to Storage > File > SMB Shares > Create share. Select the file system that you created in the previous step. Once the SMB share is created, copy its local path along with the drive letter. Alternatively, you can obtain the local path under Computer Management console > System Tools > Shared Folders > Shares > right-click the hidden share > Properties > Folder path.

    • Go to Run > regedit > File > Connect Network Registry > type the EMC CIFS server's name.
    • Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Eventlog > Security > Security.

    • Provide the local path of the hidden share (created in the second step above) as the key Name under File > [Local Path of the Audit Log]. The default location of the event log file will now be updated.
  • Configuring archive settings:
    • Go to Run > eventvwr > right-click Event Viewer > Connect to Another Computer > type the target EMC CIFS server's name.
    • Navigate to Security Log > right-click Properties > select Do not overwrite events.
    • Go to Run > regedit > File > Connect Network Registry > type the target EMC CIFS server's name.
    • Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > Eventlog > Security > Security.

    • Provide the values below for the archive settings:
      • AutoArchiveEnabled: 1
      • AutoArchiveTriggerPolicySize: 512MB
      • AutoArchiveRetentionPolicySize: 10GB

To verify that the changes have been synced with ADAudit Plus, log in to the ADAudit Plus web console and navigate to File Audit > Configured Servers > EMC Server > click the EMC Audit Options icon. If the changes haven't been reflected, click Refresh in the top-right corner of the table.
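
To read the same settings back directly from the CIFS server's registry, the following PowerShell script can be used. It is an added example, not ManageEngine or EMC code. It assumes the account running it has remote-registry read access, that the log path is stored in a value named File, and, because the steps write the key as Security > Security, it tries both readings of that path. $CifsServer is supplied by the caller.

```powershell
# Added example (not vendor code): read back the Security event log settings
# from an EMC CIFS server over the remote registry. Read-only.
param(
    [Parameter(Mandatory)]
    [string]$CifsServer    # the name typed into "Connect Network Registry"
)

# Assumption: the steps write the key as Eventlog > Security > Security, so
# both readings of that path are tried, most specific first.
$candidatePaths = @(
    'SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security',
    'SYSTEM\CurrentControlSet\Services\Eventlog\Security'
)
# Value names from the steps above (assumption: "File" holds the log path).
$valueNames = 'File', 'AutoArchiveEnabled',
              'AutoArchiveTriggerPolicySize', 'AutoArchiveRetentionPolicySize'

$hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, $CifsServer)
try {
    $key = $null
    foreach ($path in $candidatePaths) {
        $probe = $hive.OpenSubKey($path)    # OpenSubKey opens read-only
        if ($null -eq $probe) { continue }
        # Use the first key that actually carries one of the expected values.
        if ($probe.GetValueNames() | Where-Object { $valueNames -contains $_ }) {
            $key = $probe
            break
        }
        $probe.Close()
    }
    if ($null -eq $key) { throw "No event log settings found on $CifsServer" }

    foreach ($name in $valueNames) {
        $value = $key.GetValue($name)
        $status = if ($null -eq $value) {
            'MISSING'
        } elseif ($name -eq 'AutoArchiveEnabled' -and "$value" -ne '1') {
            'NOT ENABLED'
        } else { 'SET' }
        [pscustomobject]@{ Key = $key.Name; Name = $name; Value = $value; Status = $status }
    }
    $key.Close()
}
finally {
    $hive.Close()
}
```

The size values are printed as stored and are not interpreted; compare them by eye with the 512MB and 10GB settings above.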
