The default size of an audit log file is 100 MB. You can change the value by using the setting _Audit_Logging_LogMaxSize. When the size reaches it maximum value, the log file is renamed and a new file is created as server_audit.YYYYMMDDHHMM.
When checked “server_audit.log” there’s no history from the previous weeks. The erver_audit.log is only 2KB.
No related found about audit logging in client setting. It’s a windows server.
My question is there any way causing it? where can I check it. How can I resolve it. Adding _Audit_Logging_LogMaxSize might not be the solution since my log is only a 2KB file.
Each time need to write in the server_audit.log file, the server checks the size of this file and in case rename it, starting to write in a new empty file … This to avoid this log file became too large ( it is a sort of log file rotation ) … the LogMaxSize setting permits just to modify the max size of this file, nothing else … If there’s no history in that file, this have nothing to do with this setting …
Definitely Bigfix does not delete stuff from the server_audit.log file …
One thought is that, if something is in edit on the file or the AV exclusion is not correctly in place, the server could be not able to write on that file … is it possible? https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Config/c_real_time_av.html