Automatic backup of event logs

I need to retain event logs from our server for a certain amount of time to meet regulations.  How can I specify that the log file be saved with a unique name or appended to an existing file once it reaches a specific size on the server?  I don't want it to overwrite the older logs.

Asked by maharlika
 
Rich Rumble (Security Samurai) commented:
A backup solution can do what you ask, by backing up differences between the files. However, with this situation, event logs just append when they reach a certain size, as you are probably aware. Some incremental backups will allow you to append the new entries to the files without erasing the entries that may no longer be there.
-rich
 
Phil_Agcaoili commented:
The other route is to send Windows Event Logs to a Syslog server.  

Once on the Syslog server you can save them on the disk or burn them to a DVDR for future use.

Try these solutions:
http://www.edoceo.com/creo/winlogd/
http://www.loganalysis.org/sections/syslog/windows-to-syslog/
http://ntsyslog.sourceforge.net/

With this method, you can set size limits to your log file, append, or edit the files as needed; it's a very configurable option.
 
Rich Rumble (Security Samurai) commented:
One note on an "incremental backup" file for event logs - there is a 300 MB limit to the eventlog reader. That's a lot of logs... I do think saving them each day to individual files is probably best - that is the case with syslog or Snare servers. You can compress and password protect backed up event logs - most backup utilities use compression for saving old files. Snare is more of an alerting/monitoring mechanism for suspicious behaviour.
http://www.intersectalliance.com/projects/SnareWindows/
-rich
Question has a verified solution.
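
Saving each day's events to individually named, compressed files, as suggested in the last comment, can be scripted as below. This is an added example, not part of the original thread; it assumes Windows Vista/Server 2008 or later (for `wevtutil`), PowerShell 5 or later, an elevated session, and a hypothetical archive folder `D:\EventLogArchive`.

```powershell
# Added example: export the last 24 hours of each log to a uniquely named,
# compressed file. Schedule it once a day (e.g. with Task Scheduler).
$ArchiveRoot = 'D:\EventLogArchive'                 # hypothetical path
$Logs        = 'Application', 'System', 'Security'

# XPath filter: only events created in the last 24 h (86,400,000 ms), so
# consecutive daily exports do not duplicate each other.
$query = '*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]'

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$dayDir = Join-Path $ArchiveRoot (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $dayDir -Force | Out-Null

foreach ($log in $Logs) {
    $evtx = Join-Path $dayDir "$env:COMPUTERNAME-$log-$stamp.evtx"
    $zip  = "$evtx.zip"

    # Never overwrite an existing archive.
    if ((Test-Path $evtx) -or (Test-Path $zip)) {
        Write-Warning "Archive for $log already exists, skipping"
        continue
    }

    # 'epl' (export-log) writes a copy; the live log is left untouched.
    & wevtutil.exe epl $log $evtx "/q:$query"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $log failed (exit code $LASTEXITCODE)"
        continue
    }

    # Compress-Archive compresses only; it does not password protect.
    Compress-Archive -Path $evtx -DestinationPath $zip
    if (-not (Test-Path $zip)) {
        Write-Warning "Compression of $evtx failed, keeping the .evtx"
        continue
    }
    Remove-Item $evtx

    # Record a SHA-256 of the archive so later modification can be detected.
    $hash = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
    Add-Content -Path (Join-Path $dayDir 'SHA256SUMS.txt') `
                -Value "$hash  $(Split-Path $zip -Leaf)"
}
```

Store the archive folder and the hash file on a different system from the server being logged, so that someone with access to the server cannot alter both.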