Authentication violation logs record the violations occurred during the authentication process of endpoint users.
Too many records will degrade the database performance, therefore the system clear expired authentication violation logs every day. The time how long the logs are kept in the database is determined by the log lifetime setting in the service parameters.
This function is effective only when the policy server is enabled.