epmmis
Active Directory security log size
The domain controller's security event logs are limited to 20 MB in size. Our DCs are so busy that a 20 MB log holds only a day's worth of logs. I want to increase the size of the security log to a size which will hold at least 5 - 10 days of events, guessing it would be about 100 - 200 MB in size.
Will increasing the security event log size cause a performance issue?
Are there other considerations for sizing the security event log?
Could use advice on how to best optimize the domain controller's event logs.
AD is Windows 2008 R2 functional level with about 3000 users.
ASKER
How does the archive option work? Where are the archived logs stored?
Is there a best practice for retaining security logs?
Not really. Just retain as much data as you can easily store and analyze in a reasonable amount of time.
How does the archive option work? Where are the archived logs stored?
When the log file gets full, it archives the oldest events to another file, which you can open in Event Viewer if required. The archived log file along with the default log files are located in %SystemRoot%\System32\Wine
Have a look at using Group Policy for some more fine-grained control over the retention of your log files. The settings can be found in Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
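One way to size the Security log from the DC's measured fill rate and then turn on archive-when-full, as an added example that is not part of the original thread. The 10-day target and 25% headroom are assumptions taken from the asker's stated goal; run it in an elevated PowerShell session on the domain controller.

```powershell
# Added example (not from the thread): size the Security log from observed volume.
$targetDays = 10      # assumption: upper end of the asker's 5-10 day goal
$headroom   = 1.25    # assumption: 25% margin for unusually busy days

# Current log configuration and the time window the file covers right now
$log    = Get-WinEvent -ListLog Security
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest
$newest = Get-WinEvent -LogName Security -MaxEvents 1

$spanDays = ($newest.TimeCreated - $oldest.TimeCreated).TotalDays
if ($spanDays -le 0) {
    throw 'The log covers too short a window to estimate a daily rate.'
}

# Bytes written per day, scaled to the retention target
$bytesPerDay = $log.FileSize / $spanDays
$needed      = $bytesPerDay * $targetDays * $headroom

# Round up to a 64 KB multiple, the increment the Event Log policy setting uses
$needed = [long]([math]::Ceiling($needed / 64KB) * 64KB)

'Current window: {0:N2} days in {1:N1} MB' -f $spanDays, ($log.FileSize / 1MB)
'Rate: {0:N1} MB/day; size for {1} days: {2:N0} MB' -f `
    ($bytesPerDay / 1MB), $targetDays, ($needed / 1MB)

# /ms = maximum size in bytes; /rt:true with /ab:true = archive the log when
# full instead of overwriting the oldest events
wevtutil sl Security "/ms:$needed" /rt:true /ab:true

# Show the resulting configuration for verification
wevtutil gl Security
```

If the Event Log settings are also defined in a GPO at the path given above, the policy value takes precedence over this local change. Archived files accumulate in the log folder and are not pruned automatically, so plan disk space or move them off the DC on a schedule.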
ASKER
The size of the log file database will be increased and then archived when it gets full.