we have someone installing a fortigate device for content filtering. he is asking me to turn on success logging in my domain controllers. this leads me to ask several questions:
1. Do I turn on success logging for both the default domain policy AND the default domain controller policy or just one?
2. Isn't that a crap load of extra logging?
3. What is considered too big for logging file sizes? Mine are already 4 gigs and they are over writing multiple times a day. I don't want to grow the log too big and 4gigs for a text logging file seems massive. What are my limits? What are some good rules of thumb for DC logging file sizes?
4. What else do I need to know here?
Basically, for content filtering on the internet, I have never seen an appliance require this and I'm hesitant to log this as we have over 600 users in the domain. I don't want my security logs to be 4gigs and I don't want my DC logging the crap out of everything just because this deivce sucks and can't do it's job correctly.