GPO Log Retention does not work.
Posted on 2012-09-14
Team, I would like the following behavior on my Domain Controllers log collection:
-	Retain logs for 1 day.
-	Archive on full log.
I have made the following GPO Settings:
-	Computer Configurations/Policies/Windows Settings/Security Settings/Event Log /Retention method for security log: By days
-	Computer Configurations/Policies/Windows Settings/Security Settings/Event Log/Retain security log: 1 days
-	Windows Components/Event Log Service/Securityshow/Backup log automatically when full: Enabled
-	Windows Components/Event Log Service/Securityshow/Retain old events: Enabled
I set the maximum log size to a large number to assure that there’s no way log fills up in a day.
What happens is: archives are created when reaching the maximum size, however, events that are older than 1 day are not erased.
Any idea why? Is there a policy conflict?