GPO Log Retention does not work.

Team, I would like the following behavior on my Domain Controllers log collection:
-	Retain logs for 1 day.
-	Archive on full log.


I have made the following GPO Settings:
-	Computer Configurations/Policies/Windows Settings/Security Settings/Event Log /Retention method for security log: By days
-	Computer Configurations/Policies/Windows Settings/Security Settings/Event Log/Retain security log: 1 days
-	Windows Components/Event Log Service/Securityshow/Backup log automatically when full: Enabled  
-	Windows Components/Event Log Service/Securityshow/Retain old events: Enabled
I set the maximum log size to a large number to assure that there’s no way log fills up in a day.

What happens is: archives are created when reaching the maximum size,  however, events that are older than 1 day are not erased.

Any idea why? Is there a policy conflict?
mezenAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
eeRootConnect With a Mentor Commented:
Can you us the gpresult tool to verify that the GPO is being applied and is not loosing precedence to another GPO?

http://technet.microsoft.com/en-us/library/cc733160%28v=ws.10%29.aspx
0
 
mezenAuthor Commented:
I did, everything is how I planned. I'm not green with Group Policies, however my question is:

Can two of the following settings co-exist?

- Computer Configurations/Policies/Windows Settings/Security Settings/Event Log /Retention method for security log: By days - than I specify 1 day.

- Windows Components/Event Log Service/Securityshow/Retain old events: Enabled
0
 
eeRootCommented:
They are not compatible, but the behavior depends on how many events your security log  records per day.  If you have "retain old events" enabled, MS recommends you also use "Back up log automatically when full"
0
All Courses

From novice to tech pro — start learning today.