Vulnerability V-254359

If the system is configured to write events directly to an audit server, this is not applicable. The registry configuration setting below must be set (at least) to a value equal to the size needed to contain one week's worth of audit records in the security event log. The value used below is an example that assumes a typical week’s log size of 5GB. If the following registry value does not exist or is not configured as specified, this is a finding: Note: The following registry entry is an example; the value must equal at least one week's worth of records. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\ Value Name: MaxSize Type: REG_DWORD Value:0x49960800 (5120000) (or greater)

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Event Log Service >> Security >> Specify the maximum log file size (KB) to "Enabled" with a "Maximum Log Size (KB)" of a value that will contain one week of audit records or greater.