Information
This setting can generate a security audit in the Security event log when the log reaches a user-defined threshold.
The recommended state for this setting is: Enabled: 90% or less
Note: If log settings are configured to Overwrite events as needed or Overwrite events older than x days, this event will not be generated.
If the Security log reaches 90 percent of its capacity and the computer has not been configured to overwrite events as needed, more recent events will not be written to the log. If the log reaches its capacity and the computer has been configured to shut down when it can no longer record events to the Security log, the computer will shut down and will no longer be available to provide network services.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled: 90% or less
Administrative Templates\MSS (Legacy)\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
Impact:
An audit event will be generated when the Security log reaches the 90 percent full threshold (or whatever lower value may be set) unless the log is configured to overwrite events as needed.
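
One way to audit this setting on an endpoint, as an added example that is not part of the benchmark text: it reads the WarningLevel value and the Security log's retention mode, since the note above says no warning is generated when the log overwrites events. The registry path is the standard location of the Security event log settings and is an assumption here (the page gives only the policy path); the function name Test-SecurityLogWarningLevel is hypothetical.

```powershell
# Added example (not from the benchmark): audit the WarningLevel setting.
# Run elevated; reading the Security log configuration needs admin rights.
function Test-SecurityLogWarningLevel {
    param(
        [ValidateRange(1, 100)]
        [int]$MaxPercent = 90   # recommended state on this page: 90% or less
    )

    # Assumption: standard registry location of the Security log settings
    # (the page names only the policy path, not the registry key).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security'
    $item = Get-ItemProperty -Path $key -Name WarningLevel -ErrorAction SilentlyContinue
    $level = $item.WarningLevel   # $null when the value is absent

    # LogMode is Circular (overwrite as needed), AutoBackup or Retain.
    $log = Get-WinEvent -ListLog Security -ErrorAction Stop

    # Assumption: a missing value or 0 is treated as "not configured".
    $configured = ($null -ne $level) -and ($level -gt 0)
    $compliant  = $configured -and ($level -le $MaxPercent)

    # Per the page's note, no warning is raised when the log overwrites events.
    $overwrites = ($log.LogMode -eq 'Circular')

    # How full the log is right now, for comparison with the threshold.
    $fillPercent = $null
    if ($log.FileSize -and $log.MaximumSizeInBytes) {
        $fillPercent = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    }

    [pscustomobject]@{
        WarningLevel       = $level
        Compliant          = $compliant
        LogMode            = $log.LogMode
        WarningCanFire     = $configured -and -not $overwrites
        CurrentFillPercent = $fillPercent
    }
}

Test-SecurityLogWarningLevel | Format-List
```

The check covers only the overwrite-as-needed mode; a log set to overwrite events older than a number of days is not detected by it.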