This is exactly what I needed.
And if anyone is interested, here is an ADM I wrote to deploy the settings (works the same on W2K3):
(might wrap)
########### Cut here ################
#if version >= 3
CLASS MACHINE
CATEGORY !!System
  CATEGORY !!EventViewer
    #if version >= 4
    EXPLAIN !!EventViewer_Help
    #endif
    POLICY !!AutobackupSecLog
      #if version >= 4
      SUPPORTED !!SUPPORTED_Win2k
      #endif
      EXPLAIN !!AutobackupSecLogHelp
      KEYNAME "SYSTEM\CurrentControlSet\Services\EventLog\Security"
      VALUENAME "AutoBackupLogFiles"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY
    POLICY !!AutobackupAppLog
      #if version >= 4
      SUPPORTED !!SUPPORTED_Win2k
      #endif
      EXPLAIN !!AutobackupAppLogHelp
      KEYNAME "SYSTEM\CurrentControlSet\Services\EventLog\Application"
      VALUENAME "AutoBackupLogFiles"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY
    POLICY !!AutobackupSysLog
      #if version >= 4
      SUPPORTED !!SUPPORTED_Win2k
      #endif
      EXPLAIN !!AutobackupSysLogHelp
      KEYNAME "SYSTEM\CurrentControlSet\Services\EventLog\System"
      VALUENAME "AutoBackupLogFiles"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY
  END CATEGORY ; Event Viewer
END CATEGORY ;; System
#endif
[strings]
System="System"
EventViewer="Event Viewer"
EventViewer_Help="Event Viewer specific settings"
AutobackupSecLog="Automatically clear a full security event log and back up the log file"
AutobackupSecLogHelp="Using this entry causes the Event Log service to automatically clear a full event log and to back up the log file. On computers with the "CrashOnAuditFail" policy turned on, the computer continues to log events (instead of hanging because of an audit failure) if the current log file can be backed up automatically. By default, event logs are stored in the %SystemRoot%\System32\Config folder. If you enable this setting, a full log file is automatically backed up in the %SystemRoot%\System32\Config folder, the log file is cleared, and event logging resumes."
AutobackupAppLog="Automatically clear a full application event log and back up the log file"
AutobackupAppLogHelp="Using this entry causes the Event Log service to automatically clear a full event log and to back up the log file. On computers with the "CrashOnAuditFail" policy turned on, the computer continues to log events (instead of hanging because of an audit failure) if the current log file can be backed up automatically. By default, event logs are stored in the %SystemRoot%\System32\Config folder. If you enable this setting, a full log file is automatically backed up in the %SystemRoot%\System32\Config folder, the log file is cleared, and event logging resumes."
AutobackupSysLog="Automatically clear a full system event log and back up the log file"
AutobackupSysLogHelp="Using this entry causes the Event Log service to automatically clear a full event log and to back up the log file. On computers with the "CrashOnAuditFail" policy turned on, the computer continues to log events (instead of hanging because of an audit failure) if the current log file can be backed up automatically. By default, event logs are stored in the %SystemRoot%\System32\Config folder. If you enable this setting, a full log file is automatically backed up in the %SystemRoot%\System32\Config folder, the log file is cleared, and event logging resumes."
SUPPORTED_Win2k="At least Microsoft Windows 2000"
########### Cut here ################
Guy
On Tue, 2004-08-24 at 11:48, Ulf B. Simon-Weidner wrote:
Hi Guy,

took me a while to find the Article again, here it is:

312571 The Event Log Stops Logging Events Before Reaching the Maximum Log Size
http://support.microsoft.com/?ln=en&id=312571

It describes how you are able to configure a feature to automatically dump the eventlog into a file if it reaches its maximum length. You do have to take care what to do with those dumps and delete them from the machine, but this helps to keep the filespace used by dumps somewhat dynamic but not too big.

I've included this in some of the backup jobs at customers to move the dumpfiles away daily, so no worries if the events logged at a specific day would be more than the memory allowed for the log, and no events are lost.

HTH

Gruesse - Sincerely,
Ulf B. Simon-Weidner

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Guy Teverovsky
> Sent: Saturday, August 21, 2004 2:48 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] By design or configurable ?
>
>
> In my environment, when W2K3 DC boots with security logs full, the
> replication from that DC stops till the security log is cleared and the
> box is rebooted.
> The interesting thing is that after the security logs become full (while
> the box is online) the replication continues to work till the box is
> rebooted with full log.
>
> So the question is whether this can be prevented (we do have a routine
> which takes care of security logs archiving, but it failed on one of the
> DCs and I would like to prevent the replication from breaking again).
>
> And another OT question:
> When logging on to XP with cached credentials, is the Kerberos ticket
> cached too ? And if yes, what happens when the ticket expires and the
> box is reconnected to the network: will it seamlessly try to renew the
> ticket ?
>
> Thanks,
> Guy
>
> --
> Smith & Wesson - the original point and click interface
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Smith & Wesson - the original point and click interface
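
Added example, not part of either message in the thread: a PowerShell sketch that checks whether the `AutoBackupLogFiles` value from the ADM above is actually set for the three logs, then moves the automatically created backup files off the machine, deleting each source file only after the copy's SHA-256 hash matches. The destination share, the `Archive-*.evt*` file-name pattern, and the function names are assumptions, and it needs PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example. Values marked "assumed" do not come from the thread.
$Logs    = 'Security', 'Application', 'System'
$BaseKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$LogDir  = Join-Path $env:SystemRoot 'System32\Config'  # folder named in the ADM help text
$Dest    = '\\collector.example\evtarchive'             # assumed destination share
$Pattern = 'Archive-*.evt*'                             # assumed backup file naming

function Get-AutoBackupState {
    # Report the AutoBackupLogFiles value the ADM policy writes for each log.
    foreach ($log in $Logs) {
        $p = Get-ItemProperty -Path "$BaseKey\$log" -Name AutoBackupLogFiles `
                              -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Log     = $log
            Value   = $p.AutoBackupLogFiles          # $null when the value is absent
            Enabled = ($p.AutoBackupLogFiles -eq 1)
        }
    }
}

function Move-LogArchive {
    param([string]$Source = $LogDir, [string]$Destination = $Dest)
    # One subfolder per machine so backups from several DCs do not collide.
    $target = Join-Path $Destination $env:COMPUTERNAME
    if (-not (Test-Path -LiteralPath $target)) {
        New-Item -ItemType Directory -Path $target -Force | Out-Null
    }
    foreach ($f in Get-ChildItem -LiteralPath $Source -Filter $Pattern -File) {
        $copy = Join-Path $target $f.Name
        Copy-Item -LiteralPath $f.FullName -Destination $copy -ErrorAction Stop
        $srcHash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($srcHash -eq $dstHash) {
            Remove-Item -LiteralPath $f.FullName     # free local disk only after a verified copy
            [pscustomobject]@{ File = $f.Name; SHA256 = $dstHash; Moved = $true }
        } else {
            Write-Warning "Hash mismatch for $($f.Name); source left in place."
            [pscustomobject]@{ File = $f.Name; SHA256 = $srcHash; Moved = $false }
        }
    }
}

$state = @(Get-AutoBackupState)
$state | Format-Table -AutoSize
$state | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning "AutoBackupLogFiles is not 1 for the $($_.Log) log." }
Move-LogArchive | Format-Table -AutoSize
```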
