Retaining Event Viewer logs for 90 days
I would like to find out if there is a way to retain Event Viewer logs for a period of 90 days? Is there a way to do this via a GPO setting? Or even a registry tweak? This is for troubleshooting and analysis purposes. I'm running on Vista Enterprise (SP1). Please ask if more information is needed.
February 19th, 2009 6:27am
Hi Giggster, see if these articles of my colleague Daniel Petri help:
http://www.petri.co.il/event_logs_archiving_with_gpo.htm
http://www.petri.co.il/vista-event-viewer.htm
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
February 19th, 2009 9:53am
Thanks for the solution but I have decided to extend the log size limit instead. I want to do this via an ADM file which will be uploaded to the GPO. Something is wrong with my code, because the value is not changing in the registry. Could someone please change or advise me on what to change in the code to make this work for all the event viewer log sizes?
ADM code:
CLASS MACHINE
CATEGORY !!CategoryName
POLICY !!L_ApplicationLog
  KEYNAME "SYSTEM\CurrentControlSet\Services\Eventlog\Application"
  PART !!L_App
    VALUENAME MaxSize
    VALUEON NUMERIC 6000000
    VALUEOFF NUMERIC 2097152
  END PART
  EXPLAIN !!L_ApplicationExplain
END POLICY
POLICY !!L_SecurityLog
  KEYNAME "SYSTEM\CurrentControlSet\Services\Eventlog\Security"
  PART !!L_Sec
    VALUENAME MaxSize
    VALUEON NUMERIC 12000000
    VALUEOFF NUMERIC 5242880
  END PART
  EXPLAIN !!L_SecurityExplain
END POLICY
POLICY !!L_SystemLog
  KEYNAME "SYSTEM\CurrentControlSet\Services\Eventlog\System"
  PART !!L_sys
    VALUENAME MaxSize
    VALUEON NUMERIC 6000000
    VALUEOFF NUMERIC 2097152
  END PART
  EXPLAIN !!L_SystemExplain
END POLICY
END CATEGORY
;+++++++++++++++++++++++++++++++End User Class+++++++++++++++++++++++++++++++++++++++++++++
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[Strings]
CategoryName="Event Viewer Log Size"
L_ApplicationLog = "Event Viewer Application log size"
L_ApplicationExplain ="Sets the default application log size for GIDv1 machine to 6 megabytes"
L_SecurityLog = "Event Viewer Security log size"
L_SecurityExplain ="Sets the default security log size for GIDv1 machine to 12 megabytes"
L_SystemLog = "Event Viewer System log size"
L_SystemExplain ="Sets the default system log size for GIDv1 machine to 6 megabytes"
L_App = "Maximum Size of Log: "
L_Sec = "Maximum Size of Log: "
L_Sys = "Maximum Size of Log: "
March 14th, 2009 8:01am