What is the general consensus on logging successful logon events? For example, if you have a domain with 100K users or so and you use AD as your primary authentication service for application, file, email, and web access, then it is plausible that you will end up with up to 100 log entries per second. That kind of volume will no doubt cause the logs to roll over frequently, thus making them somewhat useless.
The only alternatives I see are: a) Don't log successful logons. b) Set your event log size to a very large (and possibly unmanageable) size. c) Invest in a fancy log management system that will collect, index, and retain all of your logs.