?
Solved

Active directory security log sie

Posted on 2014-11-05
7
Medium Priority
?
209 Views
Last Modified: 2014-11-11
The domain controller's security event logs are limited to 20 mb in size.  Our DCs are so busy that a 20 mb log holds only a day worth of logs.  I want to increase the size of the security log to a size which will hold at least 5 - 10 days of events, guessing it would be about 100 - 200 MB in size.

Will increasing the security event log size cause a performance issue?
Are there other considerations for sizing the security event log?

Could use advise how to best optimize the domain controller's event logs.

AD is Windows 2008 R2 functional level with about 3000 users.
0
Comment
Question by:epmmis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 668 total points
ID: 40425408
you have many options one of which is to archive after they reach the maximum size..  other than the increase in disk usage there are no ill effects of increasing the size.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 668 total points
ID: 40425945
You can change the maximum log file size to your desired size by right clicking on Security in Event ViewerProperties > modify the Maximum log size (KB) value here to your desired size. As David has mentioned above, you can also configure the logs to archive the log file when it is full in this same window so that you don't lose any history.

Just keep in mind that this will eat up disk space over time so you'll need to either implement a script to clear out older logs or clear them yourself manually.
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 664 total points
ID: 40426235
increasing log size will not cause any performance issue it will only consume more space or the space that you configure for it.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:epmmis
ID: 40426787
Is there a best practice for retaining security logs?
0
 

Author Comment

by:epmmis
ID: 40426800
How does the archive option work?  Where are the logs archived logs stored?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40427192
Is there a best practice for retaining security logs?
Not really. Just retain as much data as you can easily store and analyze in a reasonable amount of time.
How does the archive option work?  Where are the logs archived logs stored?
When the log file gets full, it archives the oldest events to another file, which you can open in Event Viewer if required. The archived log file along with the default log files are located in %SystemRoot%\System32\Winevt\Logs by default.

Have a look at using Group Policy for some more fine-grained control over the retention of your log files. The settings can be found in Computer ConfigurationPoliciesWindows SettingsSecurity SettingsEvent Log
0
 

Author Closing Comment

by:epmmis
ID: 40436187
The size of the log file database will be increased and then archived when it gets full.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses
Course of the Month10 days, 20 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question