Configuring event log settings
Event log size needs to be defined to prevent loss of audit data due to overwriting of events.
- Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, then select Edit.
| To enable FIM on | Right-click |
|---|---|
| Domain controller | Default Domain Controllers Policy GPO |
| Windows server | ADAuditPlusMSPolicy GPO |
| Workstation | ADAuditPlusWSPolicy GPO |
- Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
- Set Retention method for security log to Overwrite events as needed.
- Configure the Maximum security log size as defined below. Ensure that the security log can hold a minimum of 12 hours’ worth of data.
| Role | Operating system | Size |
|---|---|---|
| Domain controller | Windows Server 2003 | 512 MB |
| Domain controller | Windows Server 2008 and above | 1,024 MB |
| Member server | Windows Server 2003 | 512 MB |
| Member server | Windows Server 2008 and above | 4,096 MB |
| Workstation | Windows 10, 8, 7, Vista, and XP | 512 MB |
