Auditing Vs Performance

Discussion in 'Server Security' started by MLtt, Mar 12, 2009.

  1. MLtt

    MLtt Guest

    Hi all. I recently became suspicious that some users on my network are
    making
    misuse of the files on the server. Therefore I enabled audditing for both
    successfull and failed attempts. This made the secutiy log large enough and
    created a performance overhead. In fact the backup routine done in the night
    did not complete in the required time and I had to terminate it and remove
    auditing to be able to complete.

    My question is this...is there a way to enable auditing and at the same time
    do
    not create a performance bottleneck? so that backup could complete? or which
    auditing entries are the most essential?

    Grazias
     
    MLtt, Mar 12, 2009
    #1
    1. Advertisements

  2. MLtt

    Al Dunbar Guest

    I'm no expert on auditing, however, it would appear that you might have
    turned on auditing for too many different events. What, precisely, do you
    think it is your users are doing, and what gave rise to your suspicions?

    /Al
     
    Al Dunbar, Mar 15, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.