I run 500 meg for App, Security, System logs. This provides lots of
time to investigate for items.


>>> [EMAIL PROTECTED] 12/24/03 10:24AM >>>
We have auditing enabled on all our servers, with the Security log set
to 5MB on member servers.  We upped that number to 25MB on DCs because
the log was filling so fast, then again to 50MB, but it's still only
maintaining about 3-4 days' worth of logs (we have it configured to
prune as needed).  We have plenty of disk space, but I know the more we
track, the harder it is to even open the log, especially remotely.  I'm
curious how others have their logs set up.

We need to be able to track when users have logged on or off and when 
changes are made to policies and accounts.

The audit settings are (I'm doing this from memory; I'm not at work):

Account logon events    success/failure
Account management      success/failure
Logons                  success/failure
Object access           none
Policy changes          success/failure
Privilege use           failure
Process tracking        none
System events           success/failure

List info   : http://www.activedir.org/mail_list.htm 
List FAQ    : http://www.activedir.org/list_faq.htm 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
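
The sizing question in this thread (50MB holding only 3-4 days on a DC) can be answered by measurement. The PowerShell below is an added example, not from either poster: it reads how many days the Security log currently spans and estimates the maximum size needed for a target retention. The 30-day target and the 25% headroom are assumptions to adjust.

```powershell
# Added example: estimate the event log size needed for a retention target.
# Run in an elevated session on the server being sized (the Security log
# cannot be read without administrative rights).
param(
    [string]$LogName    = 'Security',
    [int]   $TargetDays = 30      # assumed retention goal, not from the thread
)

function Get-LogSizingEstimate {
    param([string]$LogName, [int]$TargetDays)

    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    if ($log.RecordCount -lt 2) {
        throw "Log '$LogName' has too few records to measure a rate."
    }

    # The oldest and newest retained records bound the window the log covers.
    $oldest   = Get-WinEvent -LogName $LogName -Oldest -MaxEvents 1
    $newest   = Get-WinEvent -LogName $LogName -MaxEvents 1
    $spanDays = ($newest.TimeCreated - $oldest.TimeCreated).TotalDays
    if ($spanDays -le 0) {
        throw "Log '$LogName' covers no measurable time span yet."
    }

    # Growth rate from what is on disk now, projected to the target window.
    $bytesPerDay = $log.FileSize / $spanDays
    $neededMB    = ($bytesPerDay * $TargetDays) / 1MB

    [pscustomobject]@{
        LogName        = $log.LogName
        LogMode        = $log.LogMode   # Circular = overwrite oldest as needed
        MaxSizeMB      = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        CurrentSizeMB  = [math]::Round($log.FileSize / 1MB, 1)
        DaysRetained   = [math]::Round($spanDays, 1)
        EventsPerDay   = [math]::Round($log.RecordCount / $spanDays)
        MBPerDay       = [math]::Round($bytesPerDay / 1MB, 1)
        TargetDays     = $TargetDays
        # 25% headroom is an assumption to absorb busy days.
        SuggestedMaxMB = [math]::Ceiling($neededMB * 1.25)
    }
}

Get-LogSizingEstimate -LogName $LogName -TargetDays $TargetDays
```

The estimate is only as good as the sampled window, so measure on a DC after the log has wrapped at least once and during a normal working week.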