Event log retention

By /


Windows Vista now lets you configure event logging settings more than ever before using Group Policy. One of the new settings you can configure is event log retention. By default, when an event log such as the Application log becomes full, oldest events are overwritten by newer ones. You can prevent this from happening by configuring local Group Policy as follows:

1. Type gpedit.msc in the Start Search box and hit Enter.

2. Click Continue when the UAC prompt appears.

3. Navigate to the following policy location:

Computer Configuration\Administrative Templates\Windows Components\Event Log Service

4. Look under Application, Security, Setup or System to configure settings for the log desired.

5. Enable the following policy setting:

Retain old events

If you enable this setting, any new events written to a log that is full are discarded instead of overwriting old events. As a result, if you want to consider using this setting you should also back up your event logs when they become full–this is covered in my next tip.

Cheers,
Mitch Tulloch, MVP
http://www.mtit.com

About The Author

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top