We currently have our security logs set to 100MB. Depending on the domain controller the logs can take anywhere from 12 hours to a couple of weeks to "roll". Our data center servers tend to roll over every 20 hours during normal every day operation but when we are getting pounded by authenticating worms and such it goes to about every 12 hours.
Our auditing is Account logon events failure Account management success/failure Logons failure Object access none Policy changes success/failure Privilege use Success/failure Process tracking none System events success/failure joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Wednesday, December 24, 2003 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] How large are your security logs on your DC's? We have auditing enabled on all our servers, with the Security log set to 5MB on member servers. We upped that number to 25MB on DC's because the log was filling so fast, then again to 50MB, but it's still only maintaining about 3-4 days worth of logs (we have it configured to prune as needed). We have plenty of disk space, but I know the more we track, the harder it is to even open the log, especially remotely. I'm curious how others have their logs setup. We need to be able to track when users have logged on or off and when changes are made to policies and accounts. The audit settings are (I'm doing this from memory; I'm not at work): Account logon events success/failure Account management success/failure Logons success/failure Object access none Policy changes success/failure Privilege use failure Process tracking none System events success/failure List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
