I am using Group Policy to control our event logs. I have enabled "backup log automatically when full" and "retain old events". When the Security log gets full, it renames it as "Archive-Security-YYYY-MM-DD-XX-XX-XXX.evtx. So far so good. The problem is that the Archive log doesn't seem to have all of the events like the "current" log. See below.
Current Log
Archive Security Log
Notice that the current log has many different type of events and the achive log only has 4656 events (except for the entry where the event log is created and where the event log is full). Having a security log with missing information is not useful. Any suggestions to make sure the current log is converted to an archive log with no lost data? Am I looking at the wrong log?