Windows log file sizing

5th April 2021

By default, Windows uses a rotating log file, which means that when the log file gets full, the oldest entries are automatically overwritten. The default log size is 128 MB, which is ridiculously small, but they needed a default.

Options:

Keep rotating logs and size them to keep 3 weeks of logs while doing a full backup every week.
Pros: you are never in danger of running your DC out of disk space
Cons: an attacker could fill your log files and overwrite evidence of their misdoings.

Archive logs when full: Windows starts a new log and keeps the old log around to be backed up.
Pros: attacker can’t overwrite evidence
Cons: enough logs could consume all the disk space on your DC, causing it to crash, if you leave the logs at their default location. To avoid this, set the log file location to a different disk and make sure it has secure file share settings.
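The following PowerShell is an added example, not part of the original post: it estimates how large a log must be to hold 3 weeks of events from the volume currently on disk, then applies either option with `wevtutil`. The archive path, the headroom factor and the `$Mode` switch are assumptions made for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the server being sized.
$LogName     = 'Security'
$TargetDays  = 21                              # the "3 weeks" from option 1
$Headroom    = 1.5                             # assumption: 50% margin for noisy days
$ArchivePath = 'E:\EventLogs\Security.evtx'    # hypothetical path on a separate disk
$Mode        = 'Report'                        # 'Report', 'Rotate' or 'Archive'

$log    = Get-WinEvent -ListLog $LogName
$oldest = Get-WinEvent -LogName $LogName -Oldest -MaxEvents 1

# How many days of history does the current file actually cover?
$days = ((Get-Date) - $oldest.TimeCreated).TotalDays
if ($days -lt 1) {
    throw "Less than one day of history in $LogName; measure again later."
}

# Scale the observed bytes/day to the retention target.
$bytesPerDay = $log.FileSize / $days
$raw         = $bytesPerDay * $TargetDays * $Headroom

# Log files grow in 64 KB steps and wevtutil's minimum is 1 MB.
[long]$needed = [math]::Max(1MB, [math]::Ceiling($raw / 64KB) * 64KB)

[pscustomobject]@{
    Log           = $LogName
    CurrentMode   = $log.LogMode                 # Circular, AutoBackup or Retain
    CurrentMaxMB  = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    DaysOnDisk    = [math]::Round($days, 1)
    MBPerDay      = [math]::Round($bytesPerDay / 1MB, 1)
    SuggestedMB   = [math]::Round($needed / 1MB, 1)
}

switch ($Mode) {
    'Rotate' {
        # Option 1: keep overwriting the oldest events, but in a larger file.
        wevtutil sl $LogName /rt:false /ab:false "/ms:$needed"
    }
    'Archive' {
        # Option 2: archive when full and start a new log. Archives are written
        # next to the live log file, so /lfn moves both off the system disk.
        wevtutil sl $LogName /rt:true /ab:true "/lfn:$ArchivePath" "/ms:$needed"
    }
}
```

With `$Mode = 'Report'` nothing is changed and only the sizing table is printed. For option 2 the target folder must already exist and be writable by the Event Log service.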
