The following pages contain information about the default audit settings on Windows operating systems, how you can change these settings, how you can increase the size of the event logs, how all of this should be done via domain controller policies and on stand-alone servers/workstations.
An Audit policy determines the security events to report to administrators so that user or system activity in specified event categories is recorded. The administrator can monitor security-related activity, such as who accesses an object, when users log on to or log off from computers, or if changes are made to an Audit policy setting. For all of these reasons, Microsoft recommends that you form an Audit policy for an administrator to implement in your environment.
When many events logs are being generated, the possibility exists that events are being overwritten to quickly, which causes that important information would be lost. Increasing the maximum size of the Windows Event Logs might help to store events longer on each computer.