Audit Log Archiving Policy
Audit Log Archiving Policy definitions are convenient filters for archived Windows Security Logs only
These definitions should not be modified unless absolutely necessary
These definitions help to reduce data bloat from unnecessary records that Windows generates
These filters prevent Event Logs matching the criteria from being parsed and archived into the database
The Audit Log Archiving Policy definitions are applied automatically, based on the type of server that is being archived
Policy Criteria To Filter Windows Security Event Log
This section allows customers to define the filters to apply
Multiple filters use an implicit AND operation unless the OR operator is added
If multiple filters are specified, each filter must be wrapped within brackets
Policy Logic If Event Satisfies The Criteria
This defines whether events that match the filters should be EXCLUDED or INCLUDED
Apply Policy To Windows Machines Of Role
As previously mentioned, these policies are automatically applied whenever a Security Log is archived from a remote machine, whether it is a Domain Controller, server, or workstation
This section allows customers to apply the policy based on the role
For example, Domain Controllers may have stricter filters than member servers
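The sketch below is an added example, not the product's own code or filter syntax. It models how the three policy sections combine (criteria joined by implicit AND or explicit OR, the EXCLUDED/INCLUDED logic, and the machine role) and runs them over constructed events. The field names, role names, policy layout and the reading that INCLUDED archives only matching events are assumptions.

```python
# Added illustration: models the policy semantics, not the product's filter syntax.
# Field names, role names and the policy dict layout are assumptions.

def matches(criteria, event):
    """A (field, value) tuple is one bracketed filter; a plain list is joined
    by the implicit AND; a list whose first item is "OR" is joined by OR."""
    if isinstance(criteria, tuple):
        field, value = criteria
        return event.get(field) == value
    if criteria and criteria[0] == "OR":
        return any(matches(c, event) for c in criteria[1:])
    return all(matches(c, event) for c in criteria)

def should_archive(policy, event, role):
    if role not in policy["roles"]:
        return True  # policy is not applied to this machine role
    hit = matches(policy["criteria"], event)
    # Assumption: INCLUDE keeps only matching events, EXCLUDE drops them.
    return hit if policy["logic"] == "INCLUDE" else not hit

def archive(policies, events, role):
    """Return the events that survive every policy applied to `role`."""
    return [e for e in events if all(should_archive(p, e, role) for p in policies)]

# Constructed policies: one uses OR, one relies on the implicit AND.
POLICIES = [
    {"roles": {"Member Server", "Workstation"}, "logic": "EXCLUDE",
     "criteria": ["OR", ("EventID", 5156), ("EventID", 5158)]},  # WFP noise
    {"roles": {"Domain Controller"}, "logic": "EXCLUDE",
     "criteria": [("EventID", 4634), ("LogonType", 3)]},  # network logoffs
]

# Constructed Security Log records (not real data).
EVENTS = [
    {"EventID": 4624, "LogonType": 3},  # logon, network
    {"EventID": 4634, "LogonType": 3},  # logoff, network
    {"EventID": 4634, "LogonType": 2},  # logoff, interactive
    {"EventID": 5156},                  # WFP permitted a connection
    {"EventID": 5158},                  # WFP permitted a bind to a local port
]

def archived_ids(role, policies=POLICIES):
    return [e["EventID"] for e in archive(policies, EVENTS, role)]

if __name__ == "__main__":
    for role in ("Domain Controller", "Member Server", "Workstation"):
        print(role, archived_ids(role))
```

Running the same events through each role before changing a policy shows which records would no longer reach the database, which matters when an excluded event is one an investigation later depends on.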