Retain old events (Application)ID: oval:org.secpod.oval:def:18960 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Retain old events machine setting should be configured correctly for the application log.
This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events
(2) KEY: HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\Retention
Platform: |
Microsoft Windows Server 2008 R2 |