We are getting an email from ES from Compliance Tracking from each of our DCs, event ID 10807.
The requested auditing policies have been adjusted, but the "Log Size" properties of the Security event log are not configured properly. In order for tracking features to work reliably it is recommended that you reconfigure the security event log (with "Event Viewer") to "Overwrite events as needed".
Now on each, if I right-click the Security event log and go to Properties, the maximum log size is 16384 and the radio button next to "Overwrite events as needed" is already checked. So my question is: why does this say to check that radio button if it is ALREADY checked?
I will be trying to exclude it. I pushed out the config but as soon as it pushed I got these two messages again (one from each DC).
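
One way to compare what Event Viewer shows with the Security log settings stored on each DC, as an added example that is not part of the original post. The DC names are placeholders, and it assumes PowerShell remoting is enabled and the session runs with administrative rights.

```powershell
# Added example: read the Security log configuration from each DC.
# Hypothetical DC names; replace with your own.
$DomainControllers = @('DC01', 'DC02')

Invoke-Command -ComputerName $DomainControllers -ScriptBlock {
    # Settings the event log service reports for the Security log
    $log = Get-WinEvent -ListLog Security

    # Values stored under the event log service key
    $local = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security'

    # Values written by the administrative-template Group Policy, if any
    $policy = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        LogMode         = $log.LogMode                    # Circular = overwrite events as needed
        MaxSizeKB       = $log.MaximumSizeInBytes / 1KB   # Event Viewer shows this value in KB
        LocalRetention  = $local.Retention                # 0 = overwrite events as needed
        LocalMaxSize    = $local.MaxSize                  # bytes
        PolicyRetention = $policy.Retention               # empty when no policy value is set
        PolicyMaxSize   = $policy.MaxSize                 # KB; empty when no policy value is set
    }
} |
    Select-Object Computer, LogMode, MaxSizeKB, LocalRetention, LocalMaxSize,
                  PolicyRetention, PolicyMaxSize |
    Format-Table -AutoSize
```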