Just wanted to know how you are managing big security log files on DCs.
As we have auditing enabled in AD which increasing logs within few minutes.
I am thinking it to store on network location or central location so that I don't go out of space.
Is it possible to store on network location?
Thanks in Advance.
AD Security Logs Movement
- 235 Views
- Last Post 05 June 2017
We use Splunk to consolidate and combine the logs from our DCs. We also include various other sources, such as mail switches and RADIUS
Yes, to managing and collecting all the logs from servers need third party tool.
But I am searching and implementing a temporary solution.
I setup the security logs location in a new drive and enables the file access auditing to get the log when someone change files permission on a file server under advance auditing>>object access.>>file access.
I thought everything is working fine but later i noticed that no other auditing logs are being generated as logon or logoff etc..
I found that auditpol.exe is only applying the new audit policy not other which were earlier being generated.
Do you guyz have any idea why the old policy auditing setting gone.
On May 31, 2017 10:57 AM, "Ken Schaefer" <ken@xxxxxxxxxxxxxxxx> wrote:
I would recommend using a proper log management product…