Defender Audit Logging can't show

When I go to Audit Logging it shows an error "Whoops, Defender had trouble loading up your event log. You can try a quick refresh? of this page or check back again later." When I try to just today logs it can load it but it can't load last 30 days. I tried to increase the memory_limit to 2048M but still can't solve. Also is there any way to delete old logs?

  • Predrag Dubajic
    • Support

    Hi Jeffrey,

    Hope you're doing well.

    I had a look at your installation and I was actually able to load the logs one time, but on the refresh it failed again.

    The thing is that your logs are huge, past 30 days there are over 20.000 entries, and in November only there's almost 40.000.
    Because of that menu entries the logs are quite large in size and it causes the fetch to timeout after certain time, which gives you the error you are seeing.

    So there's not much that could be done about that beside checking the logs while the server load is low.
    Or select your own dates to show less logs, this will take less time to fetch the data and shouldn't time out as the full month.

    Best regards,
    Predrag

  • Jeffrey Euen-Gow
    • Flash Drive

    Hi Predrag

    Is there a way to remove or limit the logs, I would not possibly need more than 1 weeks worth if logs I would think, and if it just keeps adding them without removing them then the situation will only get worse I would imagine as the more logs created the more data it uses and the more time it will take to load... So how do we manually remove them when not needed until you can automate this process?

    Thank you

  • Predrag Dubajic
    • Support

    Hi Jeffrey,

    I'm afraid that the logs can't be cleared at the moment, however it will not affect your data used on server because the logs are stored on our servers and it pulls the data from there.

    It only pulls the selected dates so if you select smaller timeframe it will require less data to pull and it will not timeout.

    Best regards,
    Predrag

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.