Solved

Security event log filling up and slowing the network down

Posted on 2009-04-10
Last Modified: 2012-05-06
I've been noticing something lately. One of our domain controllers (also our network file server) has had its Security event log reaching the max size. When this happens, the network's performance becomes terrible: lots of slowness across the board, especially on our Citrix servers. Once I clear the event log on this server, performance returns to normal. The Security log isn't filling up with any errors. It's just the usual "Success Audit" entries (Privilege Use and Logon/Logoff). It just seems like it fills up very quickly. I last cleared it about an hour and a half ago, and it's already up to 25,144 entries.

Does anyone have any ideas as to why this is happening? Equally important, does anyone know a better solution than clearing the event log every day or two? It's starting to become understandably annoying. :)

There are three domain controllers and four Citrix servers. They are all running Windows Server 2003 SP2 (with the exception of the file server, which is running Windows Server 2003 SP1).
0
Question by:elorc
 
LVL 6

Accepted Solution

by:
mickeyfan earned 250 total points
ID: 24115916
This is normal actually. You can do one of 3 things: continue what you are doing, or you can change the setting within Event Viewer to state overwrite events older than x amount of days or overwrite as needed. You can increase the size of the log as well if you want to keep a longer event log.

right click security -> properties

You could also set the audit policy within the GPO to not track those events, but I would not do that since you do want to track activity.
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 250 total points
ID: 24115971
mickeyfan is correct.

You can change what is audited and put into security logs. Some admins elect not to display successful audits.

Mickey is also right that you can increase the log sizes.

He is also right that this is normal behavior to slow down the LAN.

More about your event logs:
http://msdn.microsoft.com/en-us/library/ms731669(VS.85).aspx

How to suppress successful logons in event logs:
http://support.microsoft.com/kb/264769
0
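
Before turning off a success-audit category as suggested in the answers above, it helps to measure which category, event ID and account actually generate the volume, so the policy change can be as narrow as possible and failure audits stay untouched. This is an added example, not code from the thread: it assumes the Security log was exported from Event Viewer as CSV with the header row and column names shown, and every sample row is constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample rows, not data from the thread. The header names and the
# month/day/year date format are assumptions about the CSV export.
SAMPLE_EXPORT = r"""Date,Time,Source,Type,Category,Event,User,Computer
4/10/2009,09:00:00,Security,Success Audit,Privilege Use,578,CORP\svc_backup,FS01
4/10/2009,09:00:05,Security,Success Audit,Privilege Use,578,CORP\svc_backup,FS01
4/10/2009,09:00:09,Security,Success Audit,Logon/Logoff,540,CORP\jdoe,FS01
4/10/2009,09:05:00,Security,Success Audit,Privilege Use,578,CORP\svc_backup,FS01
4/10/2009,09:10:00,Security,Success Audit,Logon/Logoff,538,CORP\jdoe,FS01
4/10/2009,09:15:00,Security,Success Audit,Privilege Use,578,CORP\svc_backup,FS01
4/10/2009,09:20:00,Security,Failure Audit,Logon/Logoff,529,CORP\asmith,FS01
4/10/2009,09:30:00,Security,Success Audit,Privilege Use,578,CORP\svc_backup,FS01
"""


def summarize(export_text, top=3):
    """Tally an exported Security log by audit type/category and by event/account."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    stamps = [
        datetime.strptime(f"{r['Date']} {r['Time']}", "%m/%d/%Y %H:%M:%S")
        for r in rows
    ]
    # Time covered by the export, used to turn the row count into a fill rate.
    span_hours = (max(stamps) - min(stamps)).total_seconds() / 3600
    by_category = Counter((r["Type"], r["Category"]) for r in rows)
    by_event_user = Counter((r["Event"], r["User"]) for r in rows)
    return {
        "total": len(rows),
        "events_per_hour": len(rows) / span_hours if span_hours else None,
        # Success and Failure audits are kept apart so that only the noisy
        # success category is considered for suppression.
        "by_category": by_category.most_common(),
        "top_event_user": by_event_user.most_common(top),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_EXPORT)
    print(f"{report['total']} events, {report['events_per_hour']:.1f} per hour")
    for (audit_type, category), count in report["by_category"]:
        print(f"{count:6d}  {audit_type:14s} {category}")
    for (event_id, user), count in report["top_event_user"]:
        print(f"{count:6d}  event {event_id} from {user}")
```

If one account and event ID dominate the output, that account's workload is the first thing to look at before changing the audit policy for the whole domain controller.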
 
LVL 1

Author Comment

by:elorc
ID: 24116002
I have it set to "Overwrite events as needed" currently. I don't know if it can't keep up or what, but the lag doesn't seem to improve until I actually clear the log. I increased the maximum log size to 150,016 to see if that will help.

0
 
LVL 1

Author Comment

by:elorc
ID: 24116077
OK, I tried increasing the size of the log, and I also set it to not show successful privilege use. I'll see if that makes a difference and take it from there. Thanks.
0
 
LVL 1

Author Closing Comment

by:elorc
ID: 31568913
This seems to have made a noticeable improvement. Thank you!
0
