Home / Q&A
Follow via:
RSS
Email Alert
Question
0 Votes
+ -

AD log settings and consolidation strategy

AS I understand it Windows Domain Controllers each keep their own log of security events, which means a specific security incident (log on, and log off events are the specific point of interest at the moment, I'm sure there will be more later). could be on whichever Domain controller got the request first, responded the quickest (Comparing security Logs from two domain controllers certainly seems to confirm this, but If I am misunderstanding it, please let me know what I am missing).

We have not required long-term archival of these logs in the past, but that is changing. So my question, to make these logs useful...
1) What things do you recommend logging/not logging and more importantly 2) What methods do you recommend using to consolidate these logs. My leaning is to use one of the myriad solutions I have seen that allows you to dump to syslog. Has anyone used any of these? and if so, ,can you offer any pointers/recommendations?

long winded question, sorry, maybe I should have made it a discussion instead...
Tags: windows, security, it management, linux, networking
shardeth-15902278
19th Feb 2008
Answer the Question
Answer the question
Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

Join the TechRepublic Community and join the conversation! Signing-up is free and quick, Do it now, we want to hear your opinion.

Join Login

Keep Up with TechRepublic

Discover more newsletters

Follow us however you choose!

Media Gallery

View All

Hot Discussions

Start a Discussion
View All

Hot Questions

Ask a Question