mezen
asked on
GPO Log Retention does not work.
Team, I would like the following behavior on my Domain Controllers log collection:
-	Retain logs for 1 day.
-	Archive on full log.
I have made the following GPO Settings:
- Computer Configurations/Policies/Windows Settings/Security Settings/Event Log/Retention method for security log: By days
- Computer Configurations/Policies/Windows Settings/Security Settings/Event Log/Retain security log: 1 days
- Windows Components/Event Log Service/Security/Backup log automatically when full: Enabled
- Windows Components/Event Log Service/Security/Retain old events: Enabled
I set the maximum log size to a large number to ensure that there’s no way the log fills up in a day.
What happens is: archives are created when reaching the maximum size, however, events that are older than 1 day are not erased.
Any idea why? Is there a policy conflict?
ASKER CERTIFIED SOLUTION
They are not compatible, but the behavior depends on how many events your security log records per day. If you have "retain old events" enabled, MS recommends you also use "Back up log automatically when full".
ASKER
Can two of the following settings co-exist?
- Computer Configurations/Policies/Wi
- Windows Components/Event Log Service/Securityshow/Retai
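
A read-only PowerShell check for the situation in this thread, added here as an example and not code from any poster: it lists the Security log retention and backup values from two registry locations, then shows the log mode the Event Log service reports, the age of the oldest event still in the log, and how many archives exist. The registry paths, value names and archive file name pattern are assumptions based on standard Windows defaults, not values taken from the thread.

```powershell
# Added example. Run elevated on the domain controller; it only reads settings.
function Get-SecurityLogRetentionReport {
    # Assumed locations (standard Windows defaults, not quoted in the thread).
    $sources = [ordered]@{
        'Policy (Administrative Templates)' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
        'Event Log service key'             = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security'
    }
    $names = 'Retention', 'AutoBackupLogFiles', 'MaxSize'

    # One row per source and setting, so differing values are easy to spot.
    $settings = foreach ($label in $sources.Keys) {
        $key = Get-ItemProperty -Path $sources[$label] -ErrorAction SilentlyContinue
        foreach ($name in $names) {
            $present = $key -and ($key.PSObject.Properties.Name -contains $name)
            [pscustomobject]@{
                Source  = $label
                Setting = $name
                Value   = if ($present) { $key.$name } else { '(not set)' }
            }
        }
    }

    # What the Event Log service reports it is actually doing.
    $log    = Get-WinEvent -ListLog Security
    $oldest = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
    $age    = (Get-Date) - $oldest.TimeCreated

    # Archives written by automatic backup sit beside the live log (assumed name pattern).
    $logDir   = Split-Path ([Environment]::ExpandEnvironmentVariables($log.LogFilePath))
    $archives = @(Get-ChildItem -Path $logDir -Filter 'Archive-Security-*.evtx' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Settings           = $settings
        LogMode            = $log.LogMode   # Circular, AutoBackup or Retain
        MaximumSizeMB      = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        OldestEvent        = $oldest.TimeCreated
        OldestEventAgeDays = [math]::Round($age.TotalDays, 2)
        OlderThanOneDay    = $age.TotalDays -gt 1
        ArchiveCount       = $archives.Count
    }
}

$report = Get-SecurityLogRetentionReport
$report.Settings | Format-Table -AutoSize
$report | Select-Object * -ExcludeProperty Settings | Format-List
```

Comparing the two Source rows shows which values each location currently holds, and `LogMode` together with `OlderThanOneDay` shows what the service is doing with them.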