Solved

Grow time storage log event security

Posted on 2010-09-10
10
247 Views
Last Modified: 2013-11-05
Dear,

I made GPO for all my desktop and servers, hold log security event for 40 days, I change maximum log size for 499968 KB but I seen that my server doesn't hold more that two  days .

How solve this problem ?

Bruno Steven
0
Comment
Question by:aspenbr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 13

Expert Comment

by:George Sas
ID: 33649976
Are you sure the gpo is applied to your servers ?
Are you talking about server as a member server or Domain Controllers ?
Try to run a "gpresult /r" and see if your GPO is applied to the server with the problem.
0
 
LVL 1

Author Comment

by:aspenbr
ID: 33650048
The GPO was applied , no problems . The server are member server and domain Controllers
0
 
LVL 13

Expert Comment

by:George Sas
ID: 33650108
So you have same problem on both member servers and DC's ?
How long ago did you applied the GPO ? Did you rebooted any of the servers after applying the GPO ?
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 13

Expert Comment

by:George Sas
ID: 33650200
What OS are you running on your DC's ?
0
 
LVL 1

Author Comment

by:aspenbr
ID: 33650515
OS is Windows 2003 r2 Standard . I don't have problem with GPO application only policy . I need increase volume for storage event of security log , the limit isn't enough for hold log for 40 day .  
0
 
LVL 13

Accepted Solution

by:
George Sas earned 250 total points
ID: 33650936
0
 
LVL 1

Author Comment

by:aspenbr
ID: 33667369
Thank GeoSs , but this template work only CrashOnAuditFail enable, isn't my case. I change storage limit for 1 GB . The model is nice, but model (adm) doesn't work when storage limit was reached. Do have you know change the MODEL for this ?


0
 
LVL 1

Author Comment

by:aspenbr
ID: 33667505
I have idea, on linux the is tool logrotate that break log for syslog storage log on new file. Do you know some tool work like logrotate on Windows system  ?
0
 
LVL 13

Expert Comment

by:George Sas
ID: 33669982
aspenbr: you are totally wrong here !

You can use the :
"Backup Log Automatically when full" option in the GPO.
This will save old event logs automatically and start a new one.
Have you even tried ??

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the “Retain old events” policy setting is enabled.

If you enable this policy setting and the “Retain old events” policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.

If you disable this policy setting and the “Retain old events” policy setting is enabled, then new events are discarded and the old events are retained.

When this policy setting is not configured and the “Retain old events” policy setting is enabled, new events are discarded and the old events are retained.
0
 
LVL 1

Author Comment

by:aspenbr
ID: 33719112
Sorry , I am wrong , the GPO work fine , all logs more big that 400 MB create a new file for storage security event.

Thank very much .
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
inactive users 13 89
Best practices power settings GPO Win 10 4 121
Windows 2003 domain controller crashed BDC is 2008 server 4 90
Auto Login Script 3 67
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question