I suppose in theory, setting it to crash on full is also a security risk since it could be used to cause a denial of service.
I'd guess that if you have something that siphons off the logs on submit event, then it could be a workable solution. I'd have to say I'm not impressed with a lot of the tools currently out there that do this due to the overhead they place on the machine, but it could be done. MOM Server is a good way to get this done IIRC. I'm guessing that's what you had in mind, Rick? Something that clears it as it is written, vs a timed deal? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Monday, August 23, 2004 9:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] By design or configurable ? I have had the same problem, but setting the logs to overwrite is bad system administration. IF a person attempt to break passwords, thy can just flood the server with requests and eventually the log will clear. The best solution is to have the logs cleared by a script or third party utility to clear and archive the logs every night. Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Monday, August 23, 2004 6:48 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] By design or configurable ? Guy, One way to avoid the problems of a full security log is to set the logs to overwrite as needed. You can set this via group policy. I don't know if the kerberos ticket is cached or not. (I suspect not.) When a machine reconnects to the network and you attempt to access a network resource, the resource will ask for you ticket. If you don't have one, or if it is out of date, the client will request a new kerberos ticket and then be authenticated to the resource. Denny > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Guy > Teverovsky > Sent: Friday, August 20, 2004 8:48 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] By design or configurable ? > > > In my environment, when W2K3 DC boots with security logs full, the > replication from that DC stops till the security log is cleared and > the box is rebooted. > The interesting thing is that after the security logs become full > (while the box is online) the replication continues to work till the > box is rebooted with full log. > > So the question is whether this can be prevented (we do have a routine > which takes care of security logs archiving, but it failed on one of > the DCs and I would like to prevent the replication from breaking > again). > > And another OT question: > When logging on to XP with cached credentials, is the Kerberos ticket > cached too ? And if yes, what happens when the ticket expires and the > box is reconnected to the network: will it seamlessly try to renew the > ticked ? > > Thanks, > Guy > > -- > Smith & Wesson - the original point and click interface > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
