Announcement

Collapse
No announcement yet.

how large can I make the event log files without causing an issue?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how large can I make the event log files without causing an issue?

    I am doing some file access monitoring on sbs 2011. I have enabled file access auditing in group policy and also enabled the audit settings in some folders on the network that I need to monitor.

    It all seems to be working as expected, except that for 3 hours of logging it was taking up the 130MB limit set on the security event log in event viewer.

    I have now changed this to 2GB - think this will give me an estimated 2-3 days of logging.

    Is that 2GB limit likely to cause a problem, can I safely set it any higher??
    David Silvester
    Systems Administrator

  • #2
    Re: how large can I make the event log files without causing an issue?

    Subject to available disk space, large logs are no problem, but searching and filtering them will be
    You may wish to set up a scheduled task to run at midnight to export the log and clear it (link #3 here: https://www.google.co.uk/search?q=po...yOFo6JOqXugOgO)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: how large can I make the event log files without causing an issue?

      ^^thanks very much.
      Now I looked again, there is an option to set a limit, and have the logs archived when the limits are reached. I take it that should have the same effect?
      David Silvester
      Systems Administrator

      Comment


      • #4
        Re: how large can I make the event log files without causing an issue?

        Originally posted by davids355 View Post
        ^^thanks very much.
        Now I looked again, there is an option to set a limit, and have the logs archived when the limits are reached. I take it that should have the same effect?
        I'd be asking why the logs are getting so large in the first place.

        Comment


        • #5
          Re: how large can I make the event log files without causing an issue?

          Originally posted by wullieb1 View Post
          I'd be asking why the logs are getting so large in the first place.
          I have set it up to archive the security log every 500MB.
          Its up to 4GB after about 3 days.

          I think the reason they are so big is that I have set it to audit every file action for all users for the main shared folder that the company uses! And the reason being is that someone is continuously, and accidentally, moving and or deleting client folders and they want to pinpoint who it is.
          David Silvester
          Systems Administrator

          Comment


          • #6
            Re: how large can I make the event log files without causing an issue?

            Originally posted by davids355 View Post
            I have set it up to archive the security log every 500MB.
            Its up to 4GB after about 3 days.

            I think the reason they are so big is that I have set it to audit every file action for all users for the main shared folder that the company uses! And the reason being is that someone is continuously, and accidentally, moving and or deleting client folders and they want to pinpoint who it is.
            Ahh yes. Auditing can and will smash your logs if you don't watch what your logging

            IMHO turn it on verbose for a short time and then manage from there once you see the types of events it logs.

            Comment

            Working...
            X