Log Retention Policy

Ensure that event logs are preserved and configured properly to avoid tampering and to retain necessary data.

  • Maximum log size: Set the maximum size for event logs to avoid log overflow and the loss of crucial events.

    • Path: Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Event Log.

  • Audit log retention: Enforce a log retention policy so that logs are regularly archived or exported before they are overwritten.

    • Path: Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Event Log -> Retention Method for Security Log.
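
To check what a host is actually using for the two settings above, the following PowerShell audit reads each log's maximum size and retention mode. It is an added example, not part of the original page; the three log names and the minimum sizes are assumed values chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: report maximum size and retention mode of the main event logs.
# The minimum sizes are assumed thresholds for illustration, not values from the page.
$MinimumSizeBytes = [ordered]@{
    'Security'    = 1GB
    'System'      = 256MB
    'Application' = 256MB
}

$report = foreach ($name in $MinimumSizeBytes.Keys) {
    $log = Get-WinEvent -ListLog $name -ErrorAction Stop

    # Translate the retention mode into what happens once the log is full.
    $whenFull = switch ([string]$log.LogMode) {
        'Circular'   { 'Oldest events are overwritten' }
        'AutoBackup' { 'Log is archived, then logging continues' }
        'Retain'     { 'New events are dropped until the log is cleared' }
        default      { 'Unknown' }
    }

    $percentFull = if ($log.MaximumSizeInBytes -gt 0) {
        [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    } else { 0 }

    [pscustomobject]@{
        Log         = $log.LogName
        MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB)
        RequiredMB  = $MinimumSizeBytes[$name] / 1MB
        SizeOK      = $log.MaximumSizeInBytes -ge $MinimumSizeBytes[$name]
        LogMode     = [string]$log.LogMode
        WhenFull    = $whenFull
        PercentFull = $percentFull
    }
}

$report | Format-Table -AutoSize

# Logs that are undersized or that overwrite events without archiving them.
$report | Where-Object { -not $_.SizeOK -or $_.LogMode -eq 'Circular' } |
    ForEach-Object { Write-Warning "$($_.Log): review size/retention ($($_.WhenFull))" }

# Local remediation for a single host (size is given in bytes; /ab requires /rt):
#   wevtutil sl Security /ms:1073741824 /rt:true /ab:true
```

Where the settings are delivered through Group Policy, change them there rather than with the local `wevtutil` command, since the policy value takes precedence.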
