Title

Event log sizes do not meet minimum requirements. (Cat II impact)

Discussion

Inadequate log size will cause the log to fill up quickly and require frequent clearing by administrative personnel.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Event Log -> Settings for Event Logs. If the value for “Maximum application log size” is not set to a minimum of “16384 kilobytes”, then this is a finding. If the value for “Maximum security log size” is not set to a minimum of “81920 kilobytes”, then this is a finding. If the value for “Maximum system log size” is not set to a minimum of “16384 kilobytes”, then this is a finding. Documentable Explanation: If the machine is configured to write an event log directly to an audit server, the “Maximum log size” for that log does not have to conform to the requirements above. This should be documented with the IAO. Note: Microsoft recommends that the combined size of all the event logs (including DNS logs, Directory Services logs, and Replication logs on Servers or Domain Controllers) should not exceed 300 megabytes. Exceeding the recommended value can impact performance.

Fix Text

Configure the system to have the required minimum Event log sizes.

Additional Identifiers

Rule ID: SV-29486r1_rule

Vulnerability ID: V-1118

Group Title: Event Log Sizes

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.