Custom trace buffer size for sysmon
Is there any way to set a custom size for the trace buffers of the data collector for sysmon?
I started sysmon with "Sysmon64.exe -accepteula -i sysmon-config.xml" and then looked at the performance counter "Event Tracing for Windows" -> "Events lost". This counter consistently grows. The counter description says: "Events are lost due to limited space in the session's buffers. To avoid lost events, consider increasing the buffer size or the number of buffers."
In Performance Monitor I found: "Data Collector Sets" -> "Event Trace Sessions" -> "EventLog-Microsoft-Windows-Sysmon-Operational" -> RMB -> "Properties" -> "Trace Buffers", but even Administrator privileges are not enough to change these values. If I stop sysmon with "Sysmon64.exe -u" then I'm able to change them, but when sysmon starts the values reset.