DeviceLock Enterprise Server : Using Log Viewers : Audit Log Viewer (Server) : Audit Log Settings (Server)
  
Audit Log Settings (Server)
To control the log size and server actions when the log is overflowing, select the Settings command from the shortcut menu of this log viewer in the console tree. Then, view or change the settings in the dialog box that appears.
Select the Control log size check box to allow the server to control the number of records in the log and delete outdated records. If this check box is cleared, the server uses all available database space to store the log.
The log size can be controlled by the retention period or number of records:
Keep events for last <number> days - When this option is selected, the log stores records no older than the number of days specified (365 days by default).
Maximum log size: <number> records - When this option is selected, the log stores no more than the specified number of records. In this case, you must select the server action to be performed when the log reaches the maximum size:
Overwrite events as needed - New event records continue to be stored when the maximum log size is reached. Each record of a new event replaces the oldest record in the log.
Overwrite events older than <number> days - New event records replace only records stored longer than the number of days specified. The supported setting is up to 32,767 days.
Do not overwrite events (clear log manually) - New event records are not added when the maximum log size is reached. To enable the server to add new records, the log must be cleared by hand.
 
Note: The server removes old records either by the date indicated in the Received Date/Time column (for records received directly from the DeviceLock Service) or by the date indicated in the Consolidated Date/Time column (for records received from other servers using consolidation).
To use the default log size, select the option Maximum log size and click Restore Defaults. The default log size settings are as follows:
Maximum log size: 10,000 records
Overwrite events older than 7 days
If the audit log has no space for new records and log settings do not allow the deletion of old records, the server does not remove audit data from users’ computers. This prevents the loss of audit data due to lack of space in the log. When some space becomes available in the log, the server moves the remaining audit data from the users’ computers to this log.
 
Note:  
The actual number of event records may temporarily exceed the limit set forth in the log settings, as the cleanup of the log is performed no more than once every 30 minutes to reduce the load on the SQL server.
If multiple DeviceLock Enterprise Servers use the same database, then the actual number of event records may slightly exceed the limit set forth in the log settings.
The log settings are stored in the database, and are relating to the log rather than to the server. All DeviceLock Enterprise Servers that use the same database have the same log settings.