We have a policy that the Application, Security and System logs are set to not overwrite. The idea is we are supposed to be offloading the events to another secure system. In our case it's this program called Event Sentry. Maybe you've heard of it?
I'm wondering how other people handle clearing out the event logs. Do you run a script of some sort or do you manually go in and delete the logs? Or are you using the 'EventLogFull' package?
I've barely touched the new 'EventLogFull' package except to do a global assign of the package and set the notification. But it's not finding the systems I know are full either. I assume it's looking for the 6000 event ID but I'm not getting those in my logs. They just fill up and stop. So no notifications are being sent.
I'm in the middle of a security audit so I can't look too closely at this but I wanted to bring it up.