Solved

Active directory security log size

Posted on 2014-11-05
Last Modified: 2014-11-11
The domain controller's security event logs are limited to 20 MB in size.  Our DCs are so busy that a 20 MB log holds only a day's worth of logs.  I want to increase the size of the security log to a size which will hold at least 5 - 10 days of events, guessing it would be about 100 - 200 MB in size.

Will increasing the security event log size cause a performance issue?
Are there other considerations for sizing the security event log?

Could use advice on how best to optimize the domain controller's event logs.

AD is Windows 2008 R2 functional level with about 3000 users.
Question by:epmmis
7 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 167 total points
ID: 40425408
You have many options, one of which is to archive after they reach the maximum size. Other than the increase in disk usage, there are no ill effects of increasing the size.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
ID: 40425945
You can change the maximum log file size to your desired size by right-clicking on Security in Event Viewer > Properties > modify the Maximum log size (KB) value here to your desired size. As David has mentioned above, you can also configure the logs to archive the log file when it is full in this same window so that you don't lose any history.

Just keep in mind that this will eat up disk space over time so you'll need to either implement a script to clear out older logs or clear them yourself manually.
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 166 total points
ID: 40426235
Increasing log size will not cause any performance issue; it will only consume more space, or the space that you configure for it.
0

 

Author Comment

by:epmmis
ID: 40426787
Is there a best practice for retaining security logs?
0
 

Author Comment

by:epmmis
ID: 40426800
How does the archive option work?  Where are the archived logs stored?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40427192
Is there a best practice for retaining security logs?
Not really. Just retain as much data as you can easily store and analyze in a reasonable amount of time.
How does the archive option work?  Where are the archived logs stored?
When the log file gets full, it archives the oldest events to another file, which you can open in Event Viewer if required. The archived log file along with the default log files are located in %SystemRoot%\System32\Winevt\Logs by default.

Have a look at using Group Policy for some more fine-grained control over the retention of your log files. The settings can be found in Computer Configuration > Policies > Windows Settings > Security Settings > Event Log
0
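The sizing, archive-when-full setting and old-archive cleanup discussed in the answers above, as an added PowerShell example that is not part of the original thread. The 20% headroom, the retention defaults and the parameter names are assumptions.

```powershell
# Added example: size the Security log from observed volume, enable
# archive-when-full, and prune old archives. Parameter names and defaults
# are assumptions, not values from the thread.
#Requires -RunAsAdministrator
param(
    [int]$TargetDays      = 10,   # days of events the live log should hold
    [int]$KeepArchiveDays = 90,   # assumed retention for archived .evtx files
    [switch]$Apply                # without -Apply the script only reports
)

$log      = Get-WinEvent -ListLog Security
$oldest   = Get-WinEvent -LogName Security -Oldest -MaxEvents 1

# How many days the current log file covers, and the resulting bytes per day.
$spanDays    = [math]::Max(((Get-Date) - $oldest.TimeCreated).TotalDays, 0.01)
$bytesPerDay = $log.FileSize / $spanDays

# Maximum log size must be a multiple of 64 KB; add 20% headroom and round up.
$unit   = 64KB
$wanted = [long]([math]::Ceiling(($bytesPerDay * $TargetDays * 1.2) / $unit) * $unit)

"Current max : {0:N0} MB, mode {1}" -f ($log.MaximumSizeInBytes / 1MB), $log.LogMode
"Log spans   : {0:N1} days ({1:N1} MB/day)" -f $spanDays, ($bytesPerDay / 1MB)
"Proposed max: {0:N0} MB for {1} days" -f ($wanted / 1MB), $TargetDays

if ($Apply) {
    # /rt:true with /ab:true is "Archive the log when full, do not overwrite events".
    wevtutil sl Security "/ms:$wanted" /rt:true /ab:true
}

# Archives are written next to the live log as Archive-Security-<timestamp>.evtx.
# Copy them to central storage before pruning if they are needed for investigations.
$dir    = Split-Path ([Environment]::ExpandEnvironmentVariables($log.LogFilePath))
$cutoff = (Get-Date).AddDays(-$KeepArchiveDays)
Get-ChildItem -Path $dir -Filter 'Archive-Security-*.evtx' |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Remove-Item -WhatIf:(-not $Apply)
```

Event Log settings defined in Group Policy are reapplied at policy refresh and will overwrite a local change, so on domain controllers set the final size in the GPO.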
 

Author Closing Comment

by:epmmis
ID: 40436187
The size of the log file database will be increased and then archived when it gets full.
0
