If you are looking at the growth on the dc and you have a lot of clients,
that growth is relatively normal. We ended up purchasing a third party
product and outputting it to a SQL Server DB that stay at about 8 gb for 30
days of logs. The third party product does allow us to par back with logs
we save but we just keep them all. We use Event Sentry.
You can log the activity on a single machine but unless you are interested
in a specific machine this would be a bad idea.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"Willis" <> wrote in message
news:...
> Hello,
>
> Does anyone here have any good suggestions for security auditing in a SMB
> Server 2003 environment?
>
> We need a record of every time a user logins, logouts or unlocks windows
> xp on their local computer and preferably a central location to manage
> these records.
>
> I've been trying to use the DC security log to monitor events but it is so
> tedious sorting through object and login events by every program and user
> and it doesn't log when the user unlocks their windows session. It also
> fills up extrememly fast. We get barely get 20 hours with a 32MB file.
> There has to be a better way to manage these without spending a ton of
> money on a 3rd party event manager, right?
>
> Any help is appreciated.
>
> Thanks,
> Andrew
>
Similar Threads
Linear Mode
