No announcement yet.

Event Log archiving

  • Filter
  • Time
  • Show
Clear All
new posts

  • Event Log archiving

    Hello I am trying to setup event log archiving on a windows 2003 server in a win2k active dir domain. On the server in question I have set the registry key under "SYSTEM\CurrentControlSet\Services\EventLog\Securi ty"
    VALUENAME "AutoBackupLogFiles" to 1. Auto archiving seems to be working fine but it appears for whatever reason once it archiving it resets the retention to overwrite as need instead of the do not overwrite which I have set. It also sets the max log size to something else I had configured it a long time ago. I do not have a GPO anywhere else defined with this setting. I have used this web page to help but it does not cover this.

    I am not using the adm template as this key is already there on windows 2003. Any suggestions why this would occur?

  • #2
    Re: Event Log archiving

    The only thing I can think off is that its overwritten by a policy (default policy refresh time 90 -120 minutes).
    Are you sure that no policies, not even local policies are in place?
    Set-Location Malibu Beach



    • #3
      Re: Event Log archiving

      is the server located in an OU that has GPO exclusions?

      there is a m$ page on this topic as well. it uses a VB script instead of an ADM template. you may want to give it a try and see if it will help you out any...

      Back Up and Clear an Event Log
      its easier to beg forgiveness than ask permission.
      Give karma where karma is due...


      • #4
        Re: Event Log archiving

        No I just rechecked. It appear event log setting for GPO's for local policy have to be custom created so we deffintlay do not have this.


        • #5
          Re: Event Log archiving

          Also the GPO does little for this autoarchiving other than set my auditing params. To turn on autoarchiving I set the autobackup log files to 1 and then went manually to set the retention to DO not overwrite evnets(clear logs manully). Am I missing something. I went to follow the guide but looking at the adm file it basically does the same thing as the steps i just described.


          • #6
            Re: Event Log archiving

            I found this link and it appears to have fixed the issue.

            Last edited by rwilson; 14th March 2008, 20:19.