Active Administrator - Setting the Security Event Log Size
This article describes what can happen if the Security Event log becomes full and how to prevent any problems.
When configuring the Default Domain Controller policy for auditing in Active Directory many events may be set to success and/or failure depending on the needs of the organization.
If the security event log is not configured to overwrite events as needed, this can cause the log to become full. This will have a negative impact on the Active Administrator agent's ability to gather events and send them over to the the database for reporting purposes.
A message may also be displayed when the server is rebooted that the security event log is full.
Since Domain Controllers each have their own security log, each DC will therefore need to have the setting changed to "Overwrite events as needed" under their security event log settings.
Follow these steps in order to accomplish the above setting.
1. Open the Event Viewer.
2. Right Click on the Security Log and go to properties.
3. Under the option for the log size select the option "Overwrite events as needed" under the "When maximum log size is reached" section.
This will cause the events to be overwritten when the log is full.