DeviceLock Service : Managing DeviceLock Service for Windows : Audit Log Viewer (Service) : Audit Log Settings (Service)
  
Audit Log Settings (Service)
To define a maximum log size and what Windows should do if the audit log becomes full, choose Settings from the shortcut menu of Audit Log Viewer or click on the toolbar.
The Maximum log size parameter specifies the maximum size of the log file (in kilobytes). The log file is created and used only by the Windows Event Log service. Normally, this file is located in the folder %SystemRoot%\system32\config, and has the DeviceLo.evt name.
To specify what Windows should do when the event log is full (that is, when the maximum log size is reached), select one of these options:
Overwrite events as needed - New events continue to be stored when the log is full. Each new incoming event replaces the oldest event in the log.
Archive the log when full, do not overwrite events - The log is automatically archived when necessary. No events are overwritten.
Do not overwrite events (clear log manually) - New events are not stored when the log is full. To store new events, the log must be cleared by hand.
If DeviceLock Service runs on Windows Server 2003, Windows XP or an earlier version of the Windows operating system, the following option appears instead of the option to archive the log when it is full:
Overwrite events older than <number> days - New events replace only those events that are older than the specified number of days.
 
Note: When the event log is full and there are no records that Windows can overwrite, then DeviceLock Service is unable to write new audit records to this log.
To apply the default settings, click Restore Defaults. The default settings are as follows:
The Maximum log size parameter is set to 20480 kilobytes.
In case of Windows Server 2003, Windows XP or an earlier version of the Windows operating system, the Maximum log size parameter is set to 512 kilobytes.
The Archive the log when full, do not overwrite events option is selected.
In case of Windows Server 2003, Windows XP or an earlier version of the Windows operating system, the Overwrite events older than <number> days option is selected with the number of days set to 7.
 
Note: In the DeviceLock Service Settings Editor and DeviceLock Group Policy Manager consoles, regardless of the operating system version, the option Overwrite events older than <number> days is displayed instead of the option Archive the log when full, do not overwrite events and the default settings are as follows: the Maximum log size parameter is set to 512 kilobytes; the Overwrite events older than <number> days option is selected with the number of days set to 7.