| Author | Messages | |
DhirajHaritwal
Posts:50
 | | 03/25/2008 12:10 PM |
| Hi,
I have set the windows server security events size as 16384 KB with Do
not overwrite events options (clear log manually). Now my question is
what will happen when this will exceed this size limit. I know that
whenever I will login to this server, it will prompt me a message to
clear these logs. But if I won't purge these logs manually, will it
generate a new log file automatically or it will not capture logs for
this period?
I
Regards
Dhiraj Haritwal
-------------------------------------------------------------------
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.
-------------------------------------------------------------------
| | | |
| bdesmond
Posts:415
| | 03/25/2008 12:35 PM |
| It won't capture logs and depending on security policy settings it will
either shutdown the server or not allow anyone but admins to logon.
Why do you have this set and why do you have the size set so low?
--brian
On Tue, Mar 25, 2008 at 12:05 PM, Haritwal, Dhiraj <
Dhiraj.Haritwal@ap.sony.com> wrote:
> Hi,
>
>
>
> I have set the windows server security events size as 16384 KB with Do not
> overwrite events options (clear log manually). Now my question is what will
> happen when this will exceed this size limit. I know that whenever I will
> login to this server, it will prompt me a message to clear these logs. But
> if I won't purge these logs manually, will it generate a new log file
> automatically or it will not capture logs for this period?
>
>
>
> I
>
>
>
> Regards
>
>
>
> Dhiraj Haritwal
>
>
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway.
> ------------------------------
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| michael1
Posts:202
| | 03/25/2008 6:33 PM |
| A solution: http://support.microsoft.com/kb/312571
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Tuesday, March 25, 2008 12:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Windows Event file Size
It won't capture logs and depending on security policy settings it will
either shutdown the server or not allow anyone but admins to logon.
Why do you have this set and why do you have the size set so low?
--brian
On Tue, Mar 25, 2008 at 12:05 PM, Haritwal, Dhiraj
<Dhiraj.Haritwal@ap.sony.com> wrote:
Hi,
I have set the windows server security events size as 16384 KB with Do not
overwrite events options (clear log manually). Now my question is what will
happen when this will exceed this size limit. I know that whenever I will
login to this server, it will prompt me a message to clear these logs. But
if I won't purge these logs manually, will it generate a new log file
automatically or it will not capture logs for this period?
I
Regards
Dhiraj Haritwal
_____
This email is confidential and intended only for the use of the individual
or entity named above and may contain information that is privileged. If you
are not the intended recipient, you are notified that any dissemination,
distribution or copying of this email is strictly prohibited. If you have
received this email in error, please notify us immediately by return email
or telephone and destroy the original message. - This mail is sent via Sony
Asia Pacific Mail Gateway.
_____
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| JefTek
Posts:48
| | 03/25/2008 6:48 PM |
| Since we are on the topic of Event File Size, does anyone know if the Max event log size has changed in x64 versions of Windows, compared to x86 versions?
I would imagine since x64 can address more memory per process, this would also apply to allowing a larger event file size?
I had blogged about this awhile ago, but never really came up with a clear answer.
http://jeftek.com/iam/activedirectory/64bit-domain-controllers-and-event-log-max-sizing/
Are there any newer recommendations for Event Log sizing on x64 hardware with a large amount of memory?Jef Kazimer ------- http://jeftek.com
From: michael@TheEssentialExchange.comTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Windows Event file SizeDate: Tue, 25 Mar 2008 18:32:17 -0400
A solution: http://support.microsoft.com/kb/312571
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian DesmondSent: Tuesday, March 25, 2008 12:34 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Windows Event file Size
It won't capture logs and depending on security policy settings it will either shutdown the server or not allow anyone but admins to logon.
Why do you have this set and why do you have the size set so low?
--brian
On Tue, Mar 25, 2008 at 12:05 PM, Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com> wrote:
Hi,
I have set the windows server security events size as 16384 KB with Do not overwrite events options (clear log manually). Now my question is what will happen when this will exceed this size limit. I know that whenever I will login to this server, it will prompt me a message to clear these logs. But if I won't purge these logs manually, will it generate a new log file automatically or it will not capture logs for this period?
I
Regards
Dhiraj Haritwal
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.
-- Thanks,Brian Desmondbrian@briandesmond.comc - 312.731.3132
| | | |
| slinehan
Posts:18
| | 03/25/2008 8:08 PM |
| The reason there was a limit in Windows Server 2003 x86 and prior versions of the OS had to do with the fact that we did not allow a process to have more than 1GB of memory-mapped files total. The full explanation is here: http://technet2.microsoft.com/WindowsServer/en/library/5a86ab0f-c7eb-45ed-9e5e-514173bf15e31033.mspx?mfr=true. That being said Windows Server 2003 x64 does not have this limit and therefore your logs can grow as large as you want just as they can on Windows Server 2008 where the mechanism for logging was changed. The practical limit becomes how much data you want to filter through and the amount of time you want to wait for the filters to complete, so more of a usability limit.
Thanks,
-Steve
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Tuesday, March 25, 2008 6:06 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Windows Event file Size
I've never been able to get someone to commit to an answer about this on x64. The ADRAP tool checks this - if someone has a recent version around go dig in there and see if there's a branch in the logic for this.
--brian
On Tue, Mar 25, 2008 at 6:43 PM, Jef Kazimer <jef@jeftek.com<mailto:jef@jeftek.com>> wrote:
Since we are on the topic of Event File Size, does anyone know if the Max event log size has changed in x64 versions of Windows, compared to x86 versions?
I would imagine since x64 can address more memory per process, this would also apply to allowing a larger event file size?
I had blogged about this awhile ago, but never really came up with a clear answer.
http://jeftek.com/iam/activedirectory/64bit-domain-controllers-and-event-log-max-sizing/
Are there any newer recommendations for Event Log sizing on x64 hardware with a large amount of memory?
Jef Kazimer
-------
http://jeftek.com<http://jeftek.com/>
________________________________
From: michael@TheEssentialExchange.com<mailto:michael@TheEssentialExchange.com>
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Windows Event file Size
Date: Tue, 25 Mar 2008 18:32:17 -0400
A solution: http://support.microsoft.com/kb/312571
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com<http://theessentialexchange.com/>
From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Brian Desmond
Sent: Tuesday, March 25, 2008 12:34 PM
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>
Subject: Re: [ActiveDir] Windows Event file Size
It won't capture logs and depending on security policy settings it will either shutdown the server or not allow anyone but admins to logon.
Why do you have this set and why do you have the size set so low?
--brian
On Tue, Mar 25, 2008 at 12:05 PM, Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<mailto hiraj.Haritwal@ap.sony.com>> wrote:
Hi,
I have set the windows server security events size as 16384 KB with Do not overwrite events options (clear log manually). Now my question is what will happen when this will exceed this size limit. I know that whenever I will login to this server, it will prompt me a message to clear these logs. But if I won't purge these logs manually, will it generate a new log file automatically or it will not capture logs for this period?
I
Regards
Dhiraj Haritwal
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.
________________________________
--
Thanks,
Brian Desmond
brian@briandesmond.com<mailto:brian@briandesmond.com>
c - 312.731.3132
--
Thanks,
Brian Desmond
brian@briandesmond.com<mailto:brian@briandesmond.com>
c - 312.731.3132
| | | |
|
|