Event Viewer Archiving

Question

I have file auditing turned on for my network file share, and I view logs in Event Viewer (Windows Logs>Security).

Event viewer continues to delete the oldest logs to create new ones when it is full, even though I have it set to "Archive Logs when full, do not overwrite events"

When going to %SystemRoot%\System32\Winevt\Logs, there are no archive logs created. I am not really understanding what I'm doing wrong, and why it isnt archiving as intended.

I even tried raising as well as lowering the Maximum Log Size, as I read in a different thread that it might be a possible fix. That has also done nothing for me.

OS Info:

Edition: Windows Server 2019 Standard
Version: 1809
OS Build: 17763.2686

Any help on this would be greatly appreciated, because as it is I am only able to view the last ~30ish minutes of logs before they get deleted.

Answer 1

Hi,

1. Does the issue only occur on Security logs? Or it occurs only all logs?
2. Please kindly check and install all latest windows update.
3. Try to set via Registry.
   HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog
   Create a registry sub-key to EventLog registry key. Name it as Security
   create a registry string (REG_SZ) named AutoBackupLogFiles and set it to 1
   

----------

If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.