We have a policy to retain our security log files for 90 days. Our domain policy is set up to auto-archive the logs instead of overwriting them. The problem is that the 90-day rule never takes effect, because the current log file never holds entries older than 90 days (they are rolled into archive files first), so the archived files are never removed. Over the course of a year the archived log files will eventually fill up the servers' C:\ drive.

A quick remedy is a scheduled forfiles command that deletes the archived Security logs older than 90 days:

forfiles -p "c:\windows\system32\winevt\logs" -s -m Archive-Security* -d -90 -c "cmd /c del @path"

Here -p is the folder to search, -m the filename pattern, -d -90 selects files last modified 90 or more days ago, and -c runs the delete command once per match (@path expands to the quoted full path). -s also recurses into subfolders; the Logs folder normally has none, so it can be dropped if you only want that folder searched.
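The same cleanup as a PowerShell script, added here as an example and not part of the original post. It assumes the default archive folder and the default Archive-Security-*.evtx naming that Windows uses for auto-archived logs, and adds a -WhatIf dry run plus a summary of what was (or would be) removed, so the retention job leaves an auditable trail.

```powershell
# Added example: prune archived Security event logs older than a retention window.
# Assumes the default archive location and "Archive-Security-*.evtx" naming
# (placeholder defaults; adjust $LogDir if your logs live elsewhere).
param(
    [string]$LogDir = 'C:\Windows\System32\winevt\Logs',
    [int]$RetentionDays = 90,
    [switch]$WhatIf
)

$cutoff = (Get-Date).AddDays(-$RetentionDays)

# Only the archived copies are candidates; the live Security.evtx is never matched.
$expired = @(Get-ChildItem -Path $LogDir -Filter 'Archive-Security-*.evtx' -File |
    Where-Object { $_.LastWriteTime -lt $cutoff })

if ($expired.Count -eq 0) {
    Write-Output "No archived Security logs older than $RetentionDays days in $LogDir."
    return
}

$bytes = ($expired | Measure-Object -Property Length -Sum).Sum

foreach ($f in $expired) {
    if ($WhatIf) {
        Write-Output "Would delete $($f.FullName) (last written $($f.LastWriteTime))"
    } else {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Output "Deleted $($f.FullName) (last written $($f.LastWriteTime))"
    }
}

$verb = if ($WhatIf) { 'would be freed' } else { 'freed' }
Write-Output ("{0} file(s), {1:N1} MB {2}." -f $expired.Count, ($bytes / 1MB), $verb)
```

Run it first with -WhatIf from an elevated prompt to confirm the match set, then schedule it with Task Scheduler in place of the forfiles line.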