Event log retention

by Mitch Tulloch [Published on 26 May 2006 / Last Updated on 26 May 2006]

How to configure event log retention in Windows Vista.

Windows Vista now lets you configure event logging settings more than ever before using Group Policy. One of the new settings you can configure is event log retention. By default, when an event log such as the Application log becomes full, oldest events are overwritten by newer ones. You can prevent this from happening by configuring local Group Policy as follows:

1. Type gpedit.msc in the Start Search box and hit Enter.

2. Click Continue when the UAC prompt appears.

3. Navigate to the following policy location:

Computer Configuration\Administrative Templates\Windows Components\Event Log Service

4. Look under Application, Security, Setup or System to configure settings for the log desired.

5. Enable the following policy setting:

Retain old events

If you enable this setting, any new events written to a log that is full are discarded instead of overwriting old events. As a result, if you want to consider using this setting you should also back up your event logs when they become full--this is covered in my next tip.

Cheers,
Mitch Tulloch, MVP
http://www.mtit.com

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Latest Contributions

Group Policy and WMI Filtering 13 Oct. 2016
Accessing hidden boot options in the BIOS 12 Oct. 2016
Disallowed Characters for Filenames 11 Oct. 2016
How to Learn PowerShell DSC 6 Oct. 2016
SSDs in servers 5 Oct. 2016

Register Now for Office365 CON - 2017 Online Conference!

Early registration is now open for Office365 CON 2017, the annual online gathering of IT Strategists, Microsoft MVPs and Messaging Technology Vendors. This convenient, annual online event is presented by TechGenix and MSExchange.org for the benefit of busy IT Professionals within the global Office 365 and MS Exchange communities.

Early registrants for this year's conference will also receive a Symantec White Paper: Top 5 SSL/TLS Attack Vectors: How they have impacted IT and how you can avoid them , as well as an invitation to join a special Conference Preview broadcast.

Time and Date: Thursday, March 23, 2017, starting at 10am EDT | 9am CDT | 7am PDT

Newsletter Subscription

WindowsNetworking.com Sections

Featured Freeware

Download Free TFTP Server. The most trusted on the planet by IT Pros

Home
Articles & Tutorials
Building a PowerShell GUI (Part 13)

This article concludes the PowerShell GUI series by demonstrating a technique for changing a virtual machine’s memory allocation by using a GUI interface... Read More

Importance of Service Records (SRV) in an Active Directory Environment

SRV Records, sometimes referred to as Service Records, are required by services such as LDAP, KDC, Global Catalog, KMS and any other applications that registers SRV records to provide services to the clients... Read More

Articles & Tutorials Categories
KBase Tips
How do I list Active Directory Manual Replication Connection Objects?

Tip explains how to get manually created replication connection objects in an Active Directory Forest... Read More

Check Object Replication Status across Active Directory Forest

Tip explains how you can check object replication status Active Directory forest... Read More

Windows Server 2012/2008/2003/2000/XP/NT Administrator Knowledge Base Categories

Reviews
Free Tools
Blogs
Forums
White Papers
Contact Us

Community Area

Event log retention

See Also

The Author — Mitch Tulloch

Latest Contributions

Featured Links