Domain Controller Security Event Logs

Posted on 2010-11-21
Last Modified: 2012-05-10

Does anybody know what is the maximum safe size for security logs on a Win2k3 domain controller ?

If i change the event logs size on one DC, does it also replicate across all DCs?

Thanks :)
Question by:sproku
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
LVL 57

Expert Comment

by:Mike Kline
ID: 34185158
Where I am we use the NSA or DISA guides   I'll look to see what they recommend but you can also see for your OS

No the size is not replicated but you can set it using group policy so it applies to all the servers (or DCs)


LVL 15

Expert Comment

ID: 34185166
You will need to set this on all domain controllers.  It will not replicate.

Here is some info on the sizes
LVL 15

Expert Comment

ID: 34185172
YOu could set the log sizes via a GPO on the domain controllers.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 34185223
I see that maximum security log size that can be set is up to 4GB. What would be the cons when i set it to the max of 4GB?
LVL 15

Assisted Solution

getzjd earned 62 total points
ID: 34185231
Parsing the files would take longer.  Depends on what you are wanting to do with these log files.

Author Comment

ID: 34185255
are there no system performance degradation when raising it to max size?
LVL 57

Accepted Solution

Mike Kline earned 63 total points
ID: 34185265

Author Comment

ID: 34185932
i see. i guess I'll just go with archiving of the log files.

thanks guys.

Author Closing Comment

ID: 34185939
thanks guys

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question