Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Active directory security log sie

Posted on 2014-11-05
7
Medium Priority
?
220 Views
Last Modified: 2014-11-11
The domain controller's security event logs are limited to 20 mb in size.  Our DCs are so busy that a 20 mb log holds only a day worth of logs.  I want to increase the size of the security log to a size which will hold at least 5 - 10 days of events, guessing it would be about 100 - 200 MB in size.

Will increasing the security event log size cause a performance issue?
Are there other considerations for sizing the security event log?

Could use advise how to best optimize the domain controller's event logs.

AD is Windows 2008 R2 functional level with about 3000 users.
0
Comment
Question by:epmmis
7 Comments
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 668 total points
ID: 40425408
you have many options one of which is to archive after they reach the maximum size..  other than the increase in disk usage there are no ill effects of increasing the size.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 668 total points
ID: 40425945
You can change the maximum log file size to your desired size by right clicking on Security in Event ViewerProperties > modify the Maximum log size (KB) value here to your desired size. As David has mentioned above, you can also configure the logs to archive the log file when it is full in this same window so that you don't lose any history.

Just keep in mind that this will eat up disk space over time so you'll need to either implement a script to clear out older logs or clear them yourself manually.
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 664 total points
ID: 40426235
increasing log size will not cause any performance issue it will only consume more space or the space that you configure for it.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:epmmis
ID: 40426787
Is there a best practice for retaining security logs?
0
 

Author Comment

by:epmmis
ID: 40426800
How does the archive option work?  Where are the logs archived logs stored?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40427192
Is there a best practice for retaining security logs?
Not really. Just retain as much data as you can easily store and analyze in a reasonable amount of time.
How does the archive option work?  Where are the logs archived logs stored?
When the log file gets full, it archives the oldest events to another file, which you can open in Event Viewer if required. The archived log file along with the default log files are located in %SystemRoot%\System32\Winevt\Logs by default.

Have a look at using Group Policy for some more fine-grained control over the retention of your log files. The settings can be found in Computer ConfigurationPoliciesWindows SettingsSecurity SettingsEvent Log
0
 

Author Closing Comment

by:epmmis
ID: 40436187
The size of the log file database will be increased and then archived when it gets full.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question