Server Archived Log Files


We have a policy to retain our security log files for 90 days. Our domain policy is set up to auto-archive the logs instead of overwriting them. The problem is that the 90-day rule doesn't stick, since the current log file never contains entries older than 90 days. Over the course of the year, the archived log files will eventually fill up our servers' C:\ drive.

A quick remedy:

forfiles /P "C:\Windows\System32\winevt\Logs" /S /M Archive-Security* /D -90 /C "cmd /c del @path"
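The same cleanup as a PowerShell function with a dry-run mode and a per-file record of what was removed. This is an added example, not part of the original post; the function name, parameter names and status values are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Names below are hypothetical.
function Remove-ArchivedSecurityLog {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Directory and file mask are the ones used in the forfiles command above.
        [string]$Path = 'C:\Windows\System32\winevt\Logs',
        [string]$Filter = 'Archive-Security*',
        [ValidateRange(1, 3650)]
        [int]$RetentionDays = 90
    )

    # Like forfiles /D -90: match files last modified on or before (today - N days).
    $cutoff = (Get-Date).Date.AddDays(-$RetentionDays)

    $expired = @(Get-ChildItem -Path $Path -Filter $Filter -File -Recurse -ErrorAction Stop |
        Where-Object { $_.LastWriteTime.Date -le $cutoff } |
        Sort-Object LastWriteTime)

    foreach ($file in $expired) {
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete archived security log')) {
            try {
                # -Confirm:$false avoids a second prompt when -Confirm is used.
                Remove-Item -LiteralPath $file.FullName -Force -Confirm:$false -ErrorAction Stop
                $status = 'Deleted'
            }
            catch {
                # Report and continue so one locked file does not stop the cleanup.
                Write-Warning "Could not delete $($file.FullName): $($_.Exception.Message)"
                $status = 'Failed'
            }
        }
        else {
            # -WhatIf was given, or the -Confirm prompt was declined.
            $status = 'NotDeleted'
        }
        # One record per file; pipe to Export-Csv to keep a deletion record.
        [pscustomobject]@{
            Status        = $status
            File          = $file.FullName
            LastWriteTime = $file.LastWriteTime
            SizeMB        = [math]::Round($file.Length / 1MB, 1)
        }
    }
}

# Dry run: lists the files that match without deleting anything.
Remove-ArchivedSecurityLog -WhatIf
```

Drop `-WhatIf` to delete for real once the dry-run list shows only archives that are past retention.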
