Windows Server 2003.
Is there any way to easily rotate event logs (or automatically clear and save)? I'm doing a bit of auditing on this machine and my security log gets real big real quick and every couple of weeks I have to remember to save and clear it out.
Yeah I could rely on backup jobs and enable overwriting…but it would be nicer if I could just get Windows to automatically save and clear the log when it's nearing capacity.
Best Answer
It seems like most people don't know about this feature, but Windows will rotate the log files automatically if so-configured. Look for "AutoBackupLogFiles" in this file.
You can configure this on a server-for-server basis, but that's tedious for a large number of servers. I created an Administrative Template to set this on server computers, and then scripted a startup script to add a scheduled task to periodically pick up, ZIP, and move the log files to a retention location. It worked really well, and was cheap!
http://mx02.wellbury.com/misc/EventLogPolicy.adm