Event logs contain important information for troubleshooting and information security investigations. Infrastructure and security teams should make a conscious decision about the retention of their important event logs so that data is available on an endpoint when needed. The easiest way to set retention is to specify a max file size for the event log. After the log reaches this size, the oldest events are overwritten by new ones.
Setting the max size of the standard Application, Security, Setup, and System event logs via GPO, to standardize the settings across a domain, is easy. But setting the max size for other logs, such as those under Applications and Services Logs → Microsoft within Event Viewer, is not as straightforward.
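Before changing any sizes, it helps to see how far back each of these logs currently reaches on an endpoint. The following PowerShell is an added example, not code from the original post; the function name, the `Microsoft-Windows-*` filter and the 100 MB target are assumptions to adjust to your own baseline.

```powershell
# Added example: report max size and actual retention for Applications and Services logs.
# Get-EventLogRetentionReport, $LogNameFilter and $MinSizeMB are hypothetical names/defaults.
function Get-EventLogRetentionReport {
    param(
        [string]$LogNameFilter = 'Microsoft-Windows-*',  # channels under Applications and Services Logs -> Microsoft
        [int]$MinSizeMB = 100                            # assumed target size, not a recommendation from the post
    )

    Get-WinEvent -ListLog $LogNameFilter -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 } |
        ForEach-Object {
            # The oldest surviving event shows how much history the current max size really keeps.
            $oldest = Get-WinEvent -LogName $_.LogName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
            $days = if ($oldest -and $oldest.TimeCreated) {
                [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
            } else {
                $null
            }

            [pscustomobject]@{
                LogName      = $_.LogName
                MaxSizeMB    = [math]::Round($_.MaximumSizeInBytes / 1MB, 1)
                FileSizeMB   = [math]::Round($_.FileSize / 1MB, 1)
                LogMode      = $_.LogMode          # Circular = oldest events are overwritten at max size
                DaysRetained = $days
                BelowTarget  = ($_.MaximumSizeInBytes -lt ($MinSizeMB * 1MB))
            }
        }
}

# List the channels that are under the target size, shortest history first.
Get-EventLogRetentionReport |
    Where-Object { $_.BelowTarget } |
    Sort-Object DaysRetained |
    Format-Table -AutoSize
```

A log whose `FileSizeMB` is close to `MaxSizeMB` and whose `DaysRetained` is small is already overwriting events, so it is a candidate for a larger max size.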