Adam Chaney

asked on

Filtering windows event logs

As our company is getting larger we are having an issue with security event logs running over the size limit quickly. I was wondering if there is a way to filter the log for the bad password event ID and save the last 5MB of the filtered events. I found the create custom log, but it only seems to create a preselected filter for the existing events.
McKnife

You shouldn't log anything - maybe it would be better to revise what is being logged.
Is the security log set to its maximum (4 GB)?
https://technet.microsoft.com/en-us/library/cc938399.aspx?f=255&MSPPError=-2147217396

Could write a power script to handle your requirements.

Have you thought about a log collection and alerting tool such as Splunk?
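
An added example, not part of the thread and not any participant's script, of the kind of PowerShell script mentioned above: it exports only the failed-authentication events from the Security log to a CSV and trims that file to the newest 5 MB. The event IDs, the output path and the one-hour look-back are assumptions of this example, not values from the thread.

```powershell
# Added example; run elevated on the domain controller, e.g. hourly from Task Scheduler.
# Assumed values (not from the thread): output path, one-hour look-back.
$OutFile  = 'C:\Logs\BadPasswords.csv'   # hypothetical path
$MaxBytes = 5MB                          # the 5 MB cap asked for in the question
$Since    = (Get-Date).AddHours(-1)

# 4625 = failed logon, 4771 = Kerberos pre-authentication failed,
# 4776 = NTLM credential validation. The keyword value selects "Audit Failure"
# records only, so successful 4776 validations are left out.
$filter = @{
    LogName   = 'Security'
    Id        = 4625, 4771, 4776
    Keywords  = 4503599627370496       # 0x10000000000000, Audit Failure
    StartTime = $Since
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the named <Data> fields of the event into a lookup table.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    [pscustomobject]@{
        Time    = $e.TimeCreated.ToString('s')
        EventId = $e.Id
        User    = $d['TargetUserName']
        # Where the attempt came from: IP (4625/4771) or workstation name (4625/4776).
        Source  = @($d['IpAddress'], $d['WorkstationName'], $d['Workstation']) |
                      Where-Object { $_ -and $_ -ne '-' } | Select-Object -First 1
        # 0x18 (4771) and 0xC000006A (4776, or SubStatus in 4625) mean wrong password.
        Status    = $d['Status']
        SubStatus = $d['SubStatus']
    }
}

if ($rows) {
    New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null
    $rows | Sort-Object Time | Export-Csv $OutFile -Append -NoTypeInformation
}

# Once the file passes the cap, keep the header plus the newest lines that fit.
if ((Test-Path $OutFile) -and (Get-Item $OutFile).Length -gt $MaxBytes) {
    $lines = Get-Content $OutFile
    $i = $lines.Count; $size = $lines[0].Length + 2
    while ($i -gt 1 -and ($size + $lines[$i - 1].Length + 2) -le $MaxBytes) {
        $i--; $size += $lines[$i].Length + 2
    }
    @($lines[0]) + @($lines | Select-Object -Skip $i) | Set-Content $OutFile
}
```

The look-back window should match the task's schedule; a longer window than the interval writes the same events twice.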
Adam Chaney

ASKER

Not sure that I understand. Why wouldn't we want to log anything? We use the default security log on the domain controller for troubleshooting bad password attempts. Usually I can track where the password attempts are coming from (RADIUS server, Exchange server, etc.) to let the user know they need to update a password in a specific location.
ASKER CERTIFIED SOLUTION
McKnife
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: McKnife (https:#a42455622)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer