Re: Security event logs
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sat, 23 Sep 2006 11:19:48 -0700
Not much you can do.
If you are auditing what you want/need, the size is what you get.
AFAIK there is no way to say "Audit logon success and failure,
but only for accounts not of form *"$" or form "Svc*" "
If you can get that many days into that size log you are doing well.
The only real choices are to reduce what is logged, or to use a
form of log shipping/archiving and reduce the volume at the
archive.
"Bill C" <Bill C@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:468B215A-C86E-4AEB-AEFC-737E0F131EDF@xxxxxxxxxxxxxxxx
This might not be exactly the correct place to ask this question, however
it
is with the GPO where one controls auditing.
I would like to know how to "best" setup security auditing without having
Windows put tens thousand plus entries per day into the security log. I
want to monitor user logon, account management, policy changes and system
events. The last the aren't a major issue however, user logon is throwing
thousands of records with the majority being internal system related.
I would like a manageable security event log not 130+ MB file with 300,00+
entries that covers 45 days. I realize I can limit size and number of
days,
the real issue is 10000+ entries daily.
.
- Prev by Date: Re: Enable and Set allowed users for Remote Desktop through Group Poli
- Next by Date: Re: Locked out myself with GP !
- Previous by thread: Re: Enable and Set allowed users for Remote Desktop through Group Poli
- Next by thread: Remote Session ID Policy
- Index(es):
Relevant Pages
|
