I recently found my Windows Server 2008 domain controllers were rapidly running out of disk space. It turns out that by default they archive all their Windows logs as they hit the maximum allowed size. Currently we have a mix of 2003 and 2008 DCs. The obvious answer for me was to create a group policy for all servers that lets the logs overwrite as needed, with a maximum size suitable for at least a day's worth of logs, as we have NetIQ set up to harvest the logs centrally. This worked fine on the 2003 machines but didn't seem to be working on the 2008s. Digging a little further, I found a registry setting called AutoBackupLogFiles, which isn't changed by the Retention Method in the group policy.
The REG_DWORD is in the following location under a key for each individual log and must be set to 0 for the logs to overwrite as needed:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\
Handily, with 2008 group policies I could create a registry preference to update this for each log, and now all my servers overwrite the logs instead of just filling the hard drive with them.
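To check a single server before or after the preference applies, the script below (an added example, not part of the original post) walks every log key under that path and reports AutoBackupLogFiles. The `-Fix` switch is a name chosen for this sketch, and the `Retention` and `MaxSize` columns assume the standard values stored in the same per-log keys.

```powershell
# Added example, not from the original post. Needs PowerShell 2.0 or later
# and an elevated prompt. -Fix is a switch name chosen for this sketch:
# without it the script only reports and changes nothing.
param([switch]$Fix)

$root = 'HKLM:\SYSTEM\CurrentControlSet\services\eventlog'

$report = foreach ($key in Get-ChildItem -Path $root) {
    $props = Get-ItemProperty -Path $key.PSPath
    $auto  = $props.AutoBackupLogFiles    # $null when the value is absent

    # A non-zero value is what the post identifies as keeping archives on disk.
    $archiving = ($null -ne $auto) -and ($auto -ne 0)
    $changed   = $false

    if ($archiving -and $Fix) {
        # Same change the registry preference makes: REG_DWORD set to 0.
        Set-ItemProperty -Path $key.PSPath -Name AutoBackupLogFiles `
                         -Value 0 -Type DWord
        $auto    = 0
        $changed = $true
    }

    New-Object PSObject -Property @{
        Log                = $key.PSChildName
        AutoBackupLogFiles = $auto
        Retention          = $props.Retention   # assumed standard value name
        MaxSize            = $props.MaxSize     # assumed standard value, bytes
        Changed            = $changed
    }
}

# Hashtable property order is not guaranteed, so pick the columns explicitly.
$report |
    Select-Object Log, AutoBackupLogFiles, Retention, MaxSize, Changed |
    Format-Table -AutoSize
```

Run it without `-Fix` first; the MaxSize column shows whether each log is large enough to hold the day's worth of events the central harvesting depends on once logs start overwriting.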