Solved

Active Directory security log size

Posted on 2014-11-05
Last Modified: 2014-11-11
The domain controller's security event logs are limited to 20 MB in size. Our DCs are so busy that a 20 MB log holds only a day's worth of logs. I want to increase the size of the security log to a size which will hold at least 5 - 10 days of events, guessing it would be about 100 - 200 MB in size.

Will increasing the security event log size cause a performance issue?
Are there other considerations for sizing the security event log?

Could use advice on how to best optimize the domain controller's event logs.

AD is Windows 2008 R2 functional level with about 3000 users.
Question by:epmmis
7 Comments
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 167 total points
ID: 40425408
You have many options, one of which is to archive after they reach the maximum size. Other than the increase in disk usage, there are no ill effects of increasing the size.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
ID: 40425945
You can change the maximum log file size to your desired size by right-clicking on Security in Event Viewer > Properties > modify the Maximum log size (KB) value here to your desired size. As David has mentioned above, you can also configure the logs to archive the log file when it is full in this same window so that you don't lose any history.

Just keep in mind that this will eat up disk space over time so you'll need to either implement a script to clear out older logs or clear them yourself manually.
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 166 total points
ID: 40426235
Increasing log size will not cause any performance issue; it will only consume more space, or the space that you configure for it.
0

Author Comment

by:epmmis
ID: 40426787
Is there a best practice for retaining security logs?
0
 

Author Comment

by:epmmis
ID: 40426800
How does the archive option work? Where are the archived logs stored?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40427192
"Is there a best practice for retaining security logs?"
Not really. Just retain as much data as you can easily store and analyze in a reasonable amount of time.
"How does the archive option work? Where are the archived logs stored?"
When the log file gets full, it archives the oldest events to another file, which you can open in Event Viewer if required. The archived log file along with the default log files are located in %SystemRoot%\System32\Winevt\Logs by default.

Have a look at using Group Policy for some more fine-grained control over the retention of your log files. The settings can be found in Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
0
 

Author Closing Comment

by:epmmis
ID: 40436187
The size of the log file database will be increased and then archived when it gets full.
0
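
One way to script the sizing, auto-archive and cleanup steps discussed in this thread, as an added PowerShell example that is not from any of the posters. The 10-day target, the 90-day archive retention and the Archive-Security-*.evtx file name pattern are assumptions; run it elevated on the domain controller.

```powershell
# Added example. Values marked "assumed" are illustrative, not from the thread.
$LogName     = 'Security'
$TargetDays  = 10    # assumed: upper end of the 5 - 10 day goal in the question
$ArchiveDays = 90    # assumed: how long archived .evtx files are kept on the DC
$LogDir      = Join-Path $env:SystemRoot 'System32\Winevt\Logs'

# 1. Measure the current event rate from the live log:
#    bytes on disk divided by the time span between oldest and newest event.
$log      = Get-WinEvent -ListLog $LogName
$oldest   = (Get-WinEvent -LogName $LogName -MaxEvents 1 -Oldest).TimeCreated
$newest   = (Get-WinEvent -LogName $LogName -MaxEvents 1).TimeCreated
$spanDays = [math]::Max(($newest - $oldest).TotalDays, 0.01)  # avoid divide-by-zero
$bytesPerDay = $log.FileSize / $spanDays

# 2. Size needed for the target window, rounded up to a 64 KB multiple
#    (Event Viewer sets the maximum log size in 64 KB increments).
$wanted = [long]([math]::Ceiling(($bytesPerDay * $TargetDays) / 64KB) * 64KB)

"Current max : {0:N0} MB" -f ($log.MaximumSizeInBytes / 1MB)
"Rate        : {0:N1} MB/day over {1:N2} days" -f ($bytesPerDay / 1MB), $spanDays
"Needed      : {0:N0} MB for {1} days" -f ($wanted / 1MB), $TargetDays

# 3. Grow the log (never shrink it) and archive it when full instead of
#    overwriting. wevtutil requires /rt:true whenever /ab:true is set.
if ($wanted -gt $log.MaximumSizeInBytes) {
    wevtutil sl $LogName "/ms:$wanted" /rt:true /ab:true
} else {
    wevtutil sl $LogName /rt:true /ab:true
}

# 4. Prune archives older than the retention window so the system volume
#    does not fill up. -WhatIf makes this a dry run; remove it to delete.
#    Copy archives to central storage first if they are needed as evidence.
Get-ChildItem -Path $LogDir -Filter "Archive-$LogName-*.evtx" |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$ArchiveDays) } |
    Remove-Item -WhatIf
```

If the Event Log settings are also defined in Group Policy, the policy value is reapplied at the next refresh, so set the same size there.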

Question has a verified solution.