There are a few things to consider when scheduling the backing up and/or clearing of event logs.

 

Backing up Event Logs

When backing up the event logs, you might need to take extra steps when logging to a non-local drive (network share). This is because the EventSentry agents run under the security context of the "LocalSystem" account by default. This built-in account has administrative privileges on the local system, but by default does not have any permissions on remote computers and network shares. As such, an event log backup to a remote network share will most likely fail if you do not take additional configuration steps.

You have two options to work around this issue:

 

Run the EventSentry agent(s) under a domain user account that has administrative privileges on the servers it monitors and also has permissions to write to the network share.

Configure the network share to allow the remote computer account (e.g. TIBET$) to have write access.

 

Both examples are explained further in our KB article 18.
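
The second option, shown as an added PowerShell example that is not taken from the EventSentry documentation or KB article 18. It is run on the file server and grants the agent host's computer account write access at both the share and the NTFS level. The domain CORP, the folder D:\EventLogBackups and the share name EvtBackup are assumptions; TIBET$ is the sample computer account from the text above.

```powershell
#Requires -RunAsAdministrator
# Added example. CORP, D:\EventLogBackups and EvtBackup are placeholder names.
param(
    [string]   $Path      = 'D:\EventLogBackups',   # assumed backup folder on the file server
    [string]   $ShareName = 'EvtBackup',            # assumed share name
    [string[]] $Computers = @('CORP\TIBET$')        # computer accounts of the hosts running the agent
)

# Resolve every account first so that a typo fails before any permission is changed.
$accounts = foreach ($c in $Computers) {
    $nt = [System.Security.Principal.NTAccount]$c
    [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])  # throws if the account is unknown
    $nt
}

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Create the share if it is missing, with access for administrators only.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -FullAccess 'BUILTIN\Administrators' | Out-Null
}

$acl = Get-Acl -Path $Path
foreach ($nt in $accounts) {
    # Share level: Change (read and write), not Full.
    Grant-SmbShareAccess -Name $ShareName -AccountName $nt.Value -AccessRight Change -Force | Out-Null

    # NTFS level: Modify, inherited by files and subfolders.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $nt, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Print the resulting share and NTFS entries for review.
Get-SmbShareAccess -Name $ShareName
(Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -in $accounts.Value } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Both permission layers must allow the write, because Windows applies the more restrictive of the share and NTFS permissions.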

 

Backing up AND Clearing Event Logs

If you configure EventSentry to back up and clear the event logs to a network share on the same schedule, you will need to take extra steps to work around a limitation of Microsoft Windows. This is because EventSentry (or Windows) will authenticate to the remote share using the credentials the "Event Log" service is running under, the "LocalSystem" account by default.

Please see our KB article 21 and the MS KB article 329974 (section MORE INFORMATION at the bottom) for more information and a solution.