UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Event log sizes do not meet minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1118 5.002 SV-29487r2_rule ECRR-1 Medium
Description
Inadequate log size will cause the log to fill up quickly and require frequent clearing by administrative personnel.
STIG Date
Windows 2003 Domain Controller Security Technical Implementation Guide 2015-06-03

Details

Check Text ( C-509r1_chk )
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Event Log -> Settings for Event Logs.

If the value for “Maximum application log size” is not set to a minimum of “16384 kilobytes”, then this is a finding.

If the value for “Maximum security log size” is not set to a minimum of “81920 kilobytes”, then this is a finding.

If the value for “Maximum system log size” is not set to a minimum of “16384 kilobytes”, then this is a finding.


Documentable Explanation: If the machine is configured to write an event log directly to an audit server, the “Maximum log size” for that log does not have to conform to the requirements above. This should be documented with the IAO.


Note: Microsoft recommends that the combined size of all the event logs (including DNS logs, Directory Services logs, and Replication logs on Servers or Domain Controllers) should not exceed 300 megabytes. Exceeding the recommended value can impact performance.

Fix Text (F-5808r1_fix)
Configure the system to have the required minimum Event log sizes.