Much much larger at the moment. One thing to keep in mind about the event logs as you grow them: There is a limit to the size you can use. A best practice is not to go over a total of 300MB due to architectural limitations in the way event log service was built. As you start to get close to that limit (that's a total event log size including app, sec, sys, dns, frs, etc logs), you'll want to consider changing the way you keep the information for analysis.
Al -----Original Message----- From: David Adner [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 24, 2003 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] How large are your security logs on your DC's? We have auditing enabled on all our servers, with the Security log set to 5MB on member servers. We upped that number to 25MB on DC's because the log was filling so fast, then again to 50MB, but it's still only maintaining about 3-4 days worth of logs (we have it configured to prune as needed). We have plenty of disk space, but I know the more we track, the harder it is to even open the log, especially remotely. I'm curious how others have their logs setup. We need to be able to track when users have logged on or off and when changes are made to policies and accounts. The audit settings are (I'm doing this from memory; I'm not at work): Account logon events success/failure Account management success/failure Logons success/failure Object access none Policy changes success/failure Privilege use failure Process tracking none System events success/failure List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
