log file size in exchange

I know EXBPA suggests your application log size should be >40mb. Not being an exchange admin myself - what are the risks in having a much smaller application log size, if anything? Are there any real risks? What kind of information goes in the application log file, and is it of much importance? I dont really see any issue whether its 20mb or 40mb - please enlighten me.
LVL 3
pma111Asked:
Who is Participating?
 
MHMAdminsConnect With a Mentor Commented:
Depends there are multiple logs involved with Exchange, you have the built in Appliction logs, security logs, and system logs. Then you have Applications and services logs which as the name says it logs any cmdlets run whether creating or deleting a user account or if you move an account into another DB or container. It will track if you create Transport rules, hub rules it will log everything and categorize it into the a perticular task category. IF you're environment is running a small exchange with just a few people I wouldn't expect that log to be too big. However if you're in a big enterprise environment with more going on in the back end the the logs will be significantly bigger.
0
 
MHMAdminsCommented:
It just depends on how much information you are trying to audit from the logs, if the logging is more frequent your log size will be bigger. If you set the logging to verbose mode which means it will report more detailed metrics than the log file itself will be bigger. It really just depends on your reporting and auditing requirements for your environment.
0
 
pma111Author Commented:
But I guess where I am coming from is - why would you want to log more? When is this information ever used? If never - then who cares if you collect the last 5mb worth of logs before overwriting - or the last 100mb?
0
 
MHMAdminsCommented:
Well for instance in my environment I'm guided by HIPAA rules and regulations and subject to audits, or if there is ever an intrusion detection event from someone trying to get acces to and failing security auditing I can disable the account the intruder is trying to access all while maintaining a record of said events in case of a federal audit.
0
 
pma111Author Commented:
Would that information go in the security log though as opposed the application log? I dont really understand exchange enough to know what information goes in the application log and what worth those log entries actually are?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.