Here is a way to scan for the settings of your Event Viewer Application, Security, and System logs.
1. The registry keys that hold this information are located at:
a. HKLM\System\controlset001\services\Eventlog\Application
b. HKLM\System\controlset001\services\Eventlog\Security
c. HKLM\System\controlset001\services\Eventlog\System
2. On the core server browse to the Program Files\LANDesk\ManagementSuite\ldlogon directory and open up your ldappl3.template file with notepad.
3. Scroll down till you see the [Registry Info] section:
4. At the end of the [Registry Info] section, paste in the following lines. You can modify them so the information is stored in a different location than the custom directory if you wish, but this is where I put them:
;Event Viewer Application settings
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Application,MaxSize,Custom Data - Event Viewer Settings - Application Max Size
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Application,Retention,Custom Data - Event Viewer Settings - Application Retention
;Event Viewer Security settings
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Security,MaxSize,Custom Data - Event Viewer Settings - Security Max Size
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Security,Retention,Custom Data - Event Viewer Settings - Security Retention
;Event Viewer System settings
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\System,MaxSize,Custom Data - Event Viewer Settings - System Max Size
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\System,Retention,Custom Data - Event Viewer Settings - System Retention
5. Here is a breakdown of what each part of this line means, so you can put the information in different locations, name the folders differently, etc.
a. KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Application,MaxSize,Custom Data - Event Viewer Settings - Application Max Size
This is the first location (here HKLM). Although they list HKCU (HKEY_CURRENT_USER) in this list in the ldappl3 file, we can't bring information back from there.
1. HKLM = HKEY_LOCAL_MACHINE
2. HKCR = HKEY_CLASSES_ROOT
3. HKCU = HKEY_CURRENT_USER
4. HKU = HKEY_USERS
5. HKCC = HKEY_CURRENT_CONFIG
b. KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Application,MaxSize,Custom Data - Event Viewer Settings - Application Max Size
1. This is the path to the key (here SYSTEM\ControlSet001\Services\Eventlog\Application). It is only the path to the folder, so you won't be putting the key name in this section.
c. KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Application,MaxSize,Custom Data - Event Viewer Settings - Application Max Size
1. This is the name of the key that you are trying to bring back (here MaxSize).
d. KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Application,MaxSize,Custom Data - Event Viewer Settings - Application Max Size
1. This is the location where you will see the information in your inventory and queries (here Custom Data - Event Viewer Settings - Application Max Size).
6. Save your ldappl3.template file.
7. Log into your console, go to Tools > Report / Monitoring > Software License Monitoring, and click 'Make Available to Clients'.
8. On a machine, run the inventory scanner with the /F and /SYNC switches a couple of times to make sure a software scan is done. You can do this from the Start > Run command line if you wish. It would look like this:
"C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" /NTT=Your Core name here:5007 /S=Your Core name here /I=HTTP://Your Core name here/ldlogon/ldappl3.ldz /V /F /SYNC
9. You should now be able to do a query for this information. Since I put mine in the custom data folder this is what it would look like:
You can modify which registry keys you bring back, what they are named in the database, and the location if you wish.
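The field layout from step 5, as an added example that is not part of the original post or of LANDesk: a small Python linter that splits each KEY= line of the [Registry Info] section into its four fields and flags lines that cannot work before the template is published to clients. The sample template text is constructed, and treating " - " as the separator between levels of the inventory tree is an assumption based on the naming used above.

```python
# Added example: lint KEY= lines in the [Registry Info] section of ldappl3.template.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCR": "HKEY_CLASSES_ROOT",
         "HKCU": "HKEY_CURRENT_USER", "HKU": "HKEY_USERS",
         "HKCC": "HKEY_CURRENT_CONFIG"}

# Constructed sample: two lines from step 4 plus two deliberately bad ones.
SAMPLE = r"""
[Registry Info]
;Event Viewer Security settings
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Security,MaxSize,Custom Data - Event Viewer Settings - Security Max Size
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\Security,Retention,Custom Data - Event Viewer Settings - Security Retention
KEY=HKCU,Software\Example,Setting,Custom Data - Example - Setting
KEY=HKLM,SYSTEM\ControlSet001\Services\Eventlog\System,MaxSize
[Next Section]
KEY=HKLM,ignored,ignored,ignored
"""

def parse_registry_info(text):
    """Return (entries, problems) for KEY= lines inside [Registry Info]."""
    entries, problems, in_section = [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry info]"
            continue
        if not in_section or not line.upper().startswith("KEY="):
            continue  # other sections, blank lines, ';' comments
        # Only the first three commas separate fields; the last field is free text.
        fields = [f.strip() for f in line[4:].split(",", 3)]
        if len(fields) != 4 or not all(fields):
            problems.append((lineno, "expected hive,path,key name,inventory location"))
            continue
        hive, path, value, location = fields
        if hive.upper() not in HIVES:
            problems.append((lineno, f"unknown hive abbreviation {hive}"))
            continue
        if hive.upper() == "HKCU":
            problems.append((lineno, "HKCU is listed but cannot be brought back (step 5a)"))
            continue
        # Assumption: " - " separates levels of the inventory tree.
        entries.append({"hive": HIVES[hive.upper()], "path": path, "value": value,
                        "location": [p.strip() for p in location.split(" - ")]})
    return entries, problems

if __name__ == "__main__":
    entries, problems = parse_registry_info(SAMPLE)
    print(*entries, *problems, sep="\n")
```

Line numbers in the reported problems count from the first line of the text passed in, so run it over the whole template file to get numbers that match what notepad shows.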
Once you have added an item to the inventory/Query tree is it possible to remove it?