  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252

Grow time storage log event security

Dear,

I made a GPO for all my desktops and servers to hold security event logs for 40 days. I changed the maximum log size to 499968 KB, but I have seen that my server doesn't hold more than two days.

How do I solve this problem?

Bruno Steven
1 Solution
 
George Sas (IT Engineer) commented:
Are you sure the GPO is applied to your servers?
Are you talking about a member server or Domain Controllers?
Try running "gpresult /r" and see if your GPO is applied to the server with the problem.
0
 
aspenbr (Author) commented:
The GPO was applied, no problems. The servers are member servers and domain controllers.
0
 
George Sas (IT Engineer) commented:
So you have the same problem on both member servers and DCs?
How long ago did you apply the GPO? Did you reboot any of the servers after applying the GPO?
0
 
George Sas (IT Engineer) commented:
What OS are you running on your DCs?
0
 
aspenbr (Author) commented:
The OS is Windows 2003 R2 Standard. I don't have a problem with GPO application, only policy. I need to increase the storage volume for security log events; the limit isn't enough to hold logs for 40 days.
0
 
George Sas (IT Engineer) commented:
0
 
aspenbr (Author) commented:
Thanks GeoSs, but this template works only with CrashOnAuditFail enabled, which isn't my case. I changed the storage limit to 1 GB. The model is nice, but the model (adm) doesn't work when the storage limit is reached. Do you know how to change the model for this?


0
 
aspenbr (Author) commented:
I have an idea: on Linux there is a tool, logrotate, that breaks up logs so that syslog stores logs in a new file. Do you know of a tool that works like logrotate on Windows systems?
0
 
George Sas (IT Engineer) commented:
aspenbr: you are totally wrong here!

You can use the
"Backup Log Automatically when full" option in the GPO.
This will save old event logs automatically and start a new one.
Have you even tried?

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the “Retain old events” policy setting is enabled.

If you enable this policy setting and the “Retain old events” policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.

If you disable this policy setting and the “Retain old events” policy setting is enabled, then new events are discarded and the old events are retained.

When this policy setting is not configured and the “Retain old events” policy setting is enabled, new events are discarded and the old events are retained.
0
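A way to check on a given server which of the behaviours described in the answer above is in effect, and how many days the archived logs cover; this is an added example, not part of the original thread. It assumes the effective settings sit in the classic EventLog service registry key (values MaxSize, Retention, AutoBackupLogFiles, File), that archives are written next to the live log with an "Archive-Security-" prefix, and it takes the 40-day target from the question.

```powershell
# Added example (not from the thread): audit Security log rollover on one server.
# Assumptions: settings live in the classic EventLog service key; archives carry an
# "Archive-Security-" prefix in the live log's folder; the 40-day goal is from the question.
$targetDays = 40
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security'
$cfg = Get-ItemProperty -Path $key

# Retention = 0xFFFFFFFF is "do not overwrite events" ("Retain old events").
# The DWORD may surface as -1 or 4294967295, so normalise before comparing.
$retainOld = $false
if ($null -ne $cfg.Retention) {
    $retainOld = (([int64]$cfg.Retention) -band 4294967295) -eq 4294967295
}
$autoBackup = ($cfg.AutoBackupLogFiles -eq 1)

# The three outcomes described in the policy text quoted above.
if ($retainOld -and $autoBackup) {
    $behaviour = 'Full log is closed and renamed; a new file is started'
} elseif ($retainOld) {
    $behaviour = 'New events are discarded; old events are retained'
} else {
    $behaviour = 'Auto-backup has no effect; old events can be overwritten'
}

# Archives are never pruned by Windows, so measure both coverage and disk use.
$logDir   = Split-Path -Path $cfg.File -Parent
$archives = @(Get-ChildItem -Path $logDir -Filter 'Archive-Security-*' |
              Sort-Object LastWriteTime)
$coveredDays = 0
$archiveMB   = 0
if ($archives.Count -gt 0) {
    # Oldest archive's close time gives a lower bound on how far back events reach.
    $coveredDays = [math]::Round(((Get-Date) - $archives[0].LastWriteTime).TotalDays, 1)
    $archiveMB   = [math]::Round(($archives | Measure-Object Length -Sum).Sum / 1MB, 1)
}

New-Object PSObject -Property @{
    MaxSizeKB       = [int64]$cfg.MaxSize / 1KB
    RetainOldEvents = $retainOld
    AutoBackup      = $autoBackup
    Behaviour       = $behaviour
    ArchiveCount    = $archives.Count
    ArchiveMB       = $archiveMB
    CoveredDays     = $coveredDays
    MeetsTarget     = ($coveredDays -ge $targetDays)
}
```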
 
aspenbr (Author) commented:
Sorry, I am wrong; the GPO works fine. All logs bigger than 400 MB create a new file for storing security events.

Thank you very much.
0
