cast the eventlogs to syslog on another machine, or use a log management system.
On Wed, Mar 24, 2010 at 10:50, Devin Meade <devin.me...@gmail.com> wrote: > So we have a brand new 2008 R2 server. This will be a file server. Our > current 2003 SP2 file server has file auditing on, but was disabled due to > NewForma Project Center. This is a unique software for architectural firms > that integrates with yet another special piece of software for architectural > firms . . . Deltek Vision which is our billing system. To summarize > NewForma, it constantly accesses the files and indexes them. All the frikin > time. That's why I had to disable file auditing. There would be 10 > bazillion entries from NewForma and then one user entry in the security log > . . . and with the limits on 2003 event log size, we got about 8-12 hours of > auditing. Now with 2008 R2 I can audit only certain users/groups. So I can > exclude (I think) this domain service account from auditing (sweet!). I > plan on once again, auditing file access by the users. I plan on seeing how > much logging is generated and then adjusting the max log size accordingly. > > With the improvements in the event logging system(s) in 2008 R2 in mind, any > thoughts or reco's on this? > > Thanks, Devin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~