Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Security event log filling up and slowing the network down

Posted on 2009-04-10
5
Medium Priority
?
320 Views
Last Modified: 2012-05-06
I've been noticing something lately. One of our domain controllers (also our network file server) has had its Security event log reaching the max size. When this happens, the network's performance becomes terrible: lots of slowness across the board, especially on our Citrix servers. Once I clear the event log on this server, performance returns to normal. The Security log isn't filling up with any errors. It's just the usual "Success Audit" entries (Privilege Use and Logon/Logoff). It just seems like it fills up very quickly. I last cleared it about an hour and a half ago, and it's already up to 25,144 entries.

Does anyone have any ideas as to why this is happening? Equally important, does anyone know a better solution than clearing the event log every day or two? It's starting to become understandably annoying. :)

There are three domain controllers and four Citrix servers. They are all running Windows Server 2003 SP2 (with the exception of the file server, which is running Windows Server 2003 SP1).
0
Comment
Question by:elorc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 6

Accepted Solution

by:
mickeyfan earned 750 total points
ID: 24115916
This is normal actually. You can do one of 3 things. continue what you are doing. or you can change the setting with in Event viewer to state over right events old than x amount of days or over right as needed. You can in crease the size of the log as well if you want to keep a longer event log.

right click security -> properties

You could also set the audit policy within the GPO to not track those events but i would not do that since you do want to track activity.
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 750 total points
ID: 24115971
mickyfan is correct.

You can change what is audited and put into security logs. Some admins elect not to display successful audits.

Micky is also right that you can increase the log sizes.

He is also right that this is normal behavior to slow down the LAN.

More about your event logs:
http://msdn.microsoft.com/en-us/library/ms731669(VS.85).aspx

How to supress successful logons in event logs:
http://support.microsoft.com/kb/264769
0
 
LVL 1

Author Comment

by:elorc
ID: 24116002
I have it set to "Overwrite events as needed" currently. I don't know if it can't keep up or what, but the lag doesn't seem to improve until I actually clear the log. I increased the maximum log size to 150,016 to see if that will help.

0
 
LVL 1

Author Comment

by:elorc
ID: 24116077
Ok I tried increasing the size of the log, and I also set it to not show successful privilege use. I'll see if that makes a difference and take it from there. Thanks.
0
 
LVL 1

Author Closing Comment

by:elorc
ID: 31568913
This seems to have made a noticeable improvement. Thank you!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Learn about cloud computing and its benefits for small business owners.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question