locked
Group Policy to manage audit event logs RRS feed

  • Question

  • We are going to be implementing an Advanced Audit Policy for Object Access > Audit File System & Audit Handle Manipulation. Is there a recommended GP to configure for Log file control to keep log files from growing to big?
    Friday, April 1, 2016 9:02 PM

Answers

  • Hi,

    As far as I know, there is no such a recommended GP to prevent audit event logs growing too big. What we can do is that make sure you are auditing the correct settings to avoid collecting to much information. Below is a "Best Practices" guide that you may find useful:

    Auditing Security Events Best practices
    http://technet.microsoft.com/en-us/library/cc778162%28WS.10%29.aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Alvwan Monday, April 11, 2016 7:51 AM
    • Marked as answer by Alvwan Wednesday, April 13, 2016 7:53 AM
    Monday, April 4, 2016 3:06 AM

All replies