Solved

Active directory security log sie

Posted on 2014-11-05
7
199 Views
Last Modified: 2014-11-11
The domain controller's security event logs are limited to 20 mb in size.  Our DCs are so busy that a 20 mb log holds only a day worth of logs.  I want to increase the size of the security log to a size which will hold at least 5 - 10 days of events, guessing it would be about 100 - 200 MB in size.

Will increasing the security event log size cause a performance issue?
Are there other considerations for sizing the security event log?

Could use advise how to best optimize the domain controller's event logs.

AD is Windows 2008 R2 functional level with about 3000 users.
0
Comment
Question by:epmmis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 167 total points
ID: 40425408
you have many options one of which is to archive after they reach the maximum size..  other than the increase in disk usage there are no ill effects of increasing the size.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
ID: 40425945
You can change the maximum log file size to your desired size by right clicking on Security in Event ViewerProperties > modify the Maximum log size (KB) value here to your desired size. As David has mentioned above, you can also configure the logs to archive the log file when it is full in this same window so that you don't lose any history.

Just keep in mind that this will eat up disk space over time so you'll need to either implement a script to clear out older logs or clear them yourself manually.
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 166 total points
ID: 40426235
increasing log size will not cause any performance issue it will only consume more space or the space that you configure for it.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:epmmis
ID: 40426787
Is there a best practice for retaining security logs?
0
 

Author Comment

by:epmmis
ID: 40426800
How does the archive option work?  Where are the logs archived logs stored?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40427192
Is there a best practice for retaining security logs?
Not really. Just retain as much data as you can easily store and analyze in a reasonable amount of time.
How does the archive option work?  Where are the logs archived logs stored?
When the log file gets full, it archives the oldest events to another file, which you can open in Event Viewer if required. The archived log file along with the default log files are located in %SystemRoot%\System32\Winevt\Logs by default.

Have a look at using Group Policy for some more fine-grained control over the retention of your log files. The settings can be found in Computer ConfigurationPoliciesWindows SettingsSecurity SettingsEvent Log
0
 

Author Closing Comment

by:epmmis
ID: 40436187
The size of the log file database will be increased and then archived when it gets full.
0

Featured Post

Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question