locked
How often should windows server audit logs be reviewed? RRS feed

  • Question

  • Greetings and happy new year to you all!

    I have a server with Windows 2008 R2 installed on it. As part of the setup, under local securioty policy, I have enabled the logging of the following events:

    • Audit account logon events  (Success & Failure)
    • Audit account management (Success & Failure)
    • Audit directory service access  (Success)
    • Audit logon events  (Success & Failure)
    • Audit object access  (None)
    • Audit policy change  (Success)
    • Audit privilege use  (None)
    • Audit process tracking  (Success)
    • Audit system events  (Success)

    The question I have is this: how often should the audit logs be reviewed? Is there a best practice for this? Also, is it possible to have an email notifcation sent to me when certain events occur?

    Thanks.


    www.SQL4n00bs.com

    Friday, January 4, 2013 11:25 AM

Answers

All replies