0x6d69636b / windows_hardening

HardeningKitty and Windows Hardening Settings
MIT License

reporting of event log sizes incorrect #160

Closed shifty0g closed 11 months ago

shifty0g commented 1 year ago

So I have been playing around and it seems the result for event log sizes is wrong. In my test cases the tool seems to always report 4096 when this is not correct.

[$] ID 1728, Event Log Service: Application: Specify the maximum log file size (KB), Result=4096, Recommended=32768, Severity=Medium
[$] ID 1729, Event Log Service: Security: Specify the maximum log file size (KB), Result=4096, Recommended=196608, Severity=Medium
[$] ID 1730, Event Log Service: System: Specify the maximum log file size (KB), Result=4096, Recommended=32768, Severity=Medium

0x6d69636b commented 1 year ago

I am assuming that you have used the finding_list_0x6d69636b_machine list and have configured the log size directly and without any (local) group policies.

In this list, I check the event log size defined by a group policy (registry path HKLM:\Software\Policies\Microsoft\Windows\EventLog\), which overrides any direct configuration. If the event log size is changed directly and no policy is used, then the check fails. I recommend configuring a system with policies, even if it is a standalone.

If you just want to check only the current settings, you can change the registry path in the csv to HKLM:\SYSTEM\CurrentControlSet\Services\EventLog...
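
The two registry locations discussed in this thread can be compared side by side. The script below is an added example, not part of HardeningKitty or of the original comments. It assumes the value name `MaxSize` under both keys, and that the policy value is stored in KB while the value under the service key is stored in bytes; `Get-RegDword` is a hypothetical helper.

```powershell
# Added example: show policy-defined vs. directly configured event log size
# for the three logs from the issue, and which of the two is in effect.
$policyRoot  = 'HKLM:\Software\Policies\Microsoft\Windows\EventLog'
$serviceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

# Recommended sizes (KB) as printed in the output quoted in the issue.
$recommendedKB = [ordered]@{ Application = 32768; Security = 196608; System = 32768 }

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$report = foreach ($log in $recommendedKB.Keys) {
    # Assumption: policy MaxSize is in KB, service MaxSize is in bytes.
    $policyKB = Get-RegDword -Path (Join-Path $policyRoot $log)  -Name 'MaxSize'
    $serviceB = Get-RegDword -Path (Join-Path $serviceRoot $log) -Name 'MaxSize'
    $directKB = if ($null -ne $serviceB) { [math]::Floor($serviceB / 1KB) } else { $null }

    # A configured policy overrides the direct setting.
    if ($null -ne $policyKB)     { $source = 'Policy'; $effectiveKB = $policyKB }
    elseif ($null -ne $directKB) { $source = 'Direct'; $effectiveKB = $directKB }
    else                         { $source = 'None';   $effectiveKB = $null }

    [pscustomobject]@{
        Log           = $log
        PolicyKB      = $policyKB
        DirectKB      = $directKB
        Source        = $source
        EffectiveKB   = $effectiveKB
        RecommendedKB = $recommendedKB[$log]
        Meets         = ($null -ne $effectiveKB) -and ($effectiveKB -ge $recommendedKB[$log])
    }
}

$report | Format-Table -AutoSize
```

An empty `PolicyKB` column with a populated `DirectKB` column corresponds to the situation described above, where the size was set directly and no policy is defined.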