Audit Log Settings (Service)
Use this dialog box to define a maximum log size and what Windows should do if the service's audit log becomes full.
In the Maximum log size parameter you can specify the maximum size of the log file (in kilobytes). The log file is creating and used only by the Windows Event Log service. This file is usually located in the %SystemRoot%\system32\config directory and has the DeviceLo.evt name.
To specify what Windows should do when an event log is full (when Maximum log size is reached) select one of these options:
- Overwrite events as needed - the system will overwrite old events if Maximum log size is reached.
- Overwrite events older than - specifies that records that are newer than this value will not be overwritten (specified in days).
- Do not overwrite events (clear log manually) - the system will not overwrite old events if Maximum log size is reached and you will need to clear events manually.
NOTE: When the event log is full and there are no records that Windows can overwrite, then DeviceLock Service is unable to write new audit records to this log.
If you wish to reset current settings to the default values, use the Restore Defaults button. Default values are:
- The Maximum log size parameter is set to 512 kilobytes.
- The Overwrite events older than option is selected and set to 7 days.