crp0499
asked on
Server 2012 R2 domain controllers and log files
we have someone installing a fortigate device for content filtering. he is asking me to turn on success logging in my domain controllers. this leads me to ask several questions:
1. Do I turn on success logging for both the default domain policy AND the default domain controller policy or just one?
2. Isn't that a crap load of extra logging?
3. What is considered too big for logging file sizes? Mine are already 4 gigs and they are over writing multiple times a day. I don't want to grow the log too big and 4gigs for a text logging file seems massive. What are my limits? What are some good rules of thumb for DC logging file sizes?
4. What else do I need to know here?
Basically, for content filtering on the internet, I have never seen an appliance require this and I'm hesitant to log this as we have over 600 users in the domain. I don't want my security logs to be 4gigs and I don't want my DC logging the crap out of everything just because this deivce sucks and can't do it's job correctly.
Thoughts?
Thanks
Cliff
1. Do I turn on success logging for both the default domain policy AND the default domain controller policy or just one?
2. Isn't that a crap load of extra logging?
3. What is considered too big for logging file sizes? Mine are already 4 gigs and they are over writing multiple times a day. I don't want to grow the log too big and 4gigs for a text logging file seems massive. What are my limits? What are some good rules of thumb for DC logging file sizes?
4. What else do I need to know here?
Basically, for content filtering on the internet, I have never seen an appliance require this and I'm hesitant to log this as we have over 600 users in the domain. I don't want my security logs to be 4gigs and I don't want my DC logging the crap out of everything just because this deivce sucks and can't do it's job correctly.
Thoughts?
Thanks
Cliff
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I cannot find any "microsoft" documentation stating recommendations of Security Log File size, however I have over 30,000 users in the AD environment that i manage and each of my DC's have a security log of 1GB. I do my log collections to my logging server every 5 minutes.
I would not recommend that you increase this log size rather increase the amount of time that your logging server fetches the security log data.
Will.
I would not recommend that you increase this log size rather increase the amount of time that your logging server fetches the security log data.
Will.
ASKER
can I bump it to 16 gigs? that just seems crazy to even ask.