Solved

Security event log filling up and slowing the network down

Posted on 2009-04-10
5
312 Views
Last Modified: 2012-05-06
I've been noticing something lately. One of our domain controllers (also our network file server) has had its Security event log reaching the max size. When this happens, the network's performance becomes terrible: lots of slowness across the board, especially on our Citrix servers. Once I clear the event log on this server, performance returns to normal. The Security log isn't filling up with any errors. It's just the usual "Success Audit" entries (Privilege Use and Logon/Logoff). It just seems like it fills up very quickly. I last cleared it about an hour and a half ago, and it's already up to 25,144 entries.

Does anyone have any ideas as to why this is happening? Equally important, does anyone know a better solution than clearing the event log every day or two? It's starting to become understandably annoying. :)

There are three domain controllers and four Citrix servers. They are all running Windows Server 2003 SP2 (with the exception of the file server, which is running Windows Server 2003 SP1).
0
Comment
Question by:elorc
  • 3
5 Comments
 
LVL 6

Accepted Solution

by:
mickeyfan earned 250 total points
ID: 24115916
This is normal actually. You can do one of 3 things. continue what you are doing. or you can change the setting with in Event viewer to state over right events old than x amount of days or over right as needed. You can in crease the size of the log as well if you want to keep a longer event log.

right click security -> properties

You could also set the audit policy within the GPO to not track those events but i would not do that since you do want to track activity.
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 250 total points
ID: 24115971
mickyfan is correct.

You can change what is audited and put into security logs. Some admins elect not to display successful audits.

Micky is also right that you can increase the log sizes.

He is also right that this is normal behavior to slow down the LAN.

More about your event logs:
http://msdn.microsoft.com/en-us/library/ms731669(VS.85).aspx

How to supress successful logons in event logs:
http://support.microsoft.com/kb/264769
0
 
LVL 1

Author Comment

by:elorc
ID: 24116002
I have it set to "Overwrite events as needed" currently. I don't know if it can't keep up or what, but the lag doesn't seem to improve until I actually clear the log. I increased the maximum log size to 150,016 to see if that will help.

0
 
LVL 1

Author Comment

by:elorc
ID: 24116077
Ok I tried increasing the size of the log, and I also set it to not show successful privilege use. I'll see if that makes a difference and take it from there. Thanks.
0
 
LVL 1

Author Closing Comment

by:elorc
ID: 31568913
This seems to have made a noticeable improvement. Thank you!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question