AD Security Logs Movement

  • Last Post 05 June 2017
pawan posted this 29 May 2017

Hello Guys,
Just wanted to know how you are managing big security log files on DCs.
As we have auditing enabled in AD which increasing logs within few minutes.
I am thinking it to store on network location or central location so that I don't go out of space.
Is it possible to store on network location?
Thanks in Advance.

Order By: Standard | Newest | Votes
pawan posted this 05 June 2017

Yes, to managing and collecting all the logs from servers need third party tool.
But I am searching and implementing a temporary solution.
I setup the security logs location in a new drive and enables the file access auditing to get the log when someone change files permission on a file server under advance auditing>>object access.>>file access.
I thought everything is working fine but later i noticed that no other auditing logs are being generated as logon or logoff etc..
I found that auditpol.exe is only applying the new audit policy not other which were earlier being generated.
Do you guyz have any idea why the old policy auditing setting gone.
On May 31, 2017 10:57 AM, "Ken Schaefer" <ken@xxxxxxxxxxxxxxxx> wrote:

I would recommend using a proper log management product…



ken posted this 31 May 2017

I would recommend using a proper log management product…


show posted this 30 May 2017

We use Splunk to consolidate and combine the logs from our DCs. We also include various other sources, such as mail switches and RADIUS