Configuring The Security Log

By Author: iris
Total Articles: 286
Comment this article

Security logging begins when you set an audit policy for the free practice IT questions domain controller or local computer. Logging stops when the security log becomes full and cannot overwrite itself, either because it has been set for manual clearing or because the first event in the log is not old enough. When security logging stops, an error might be written to the application log. You can avoid a full security log by logging only key events and by configuring the size of the security log.
To configure the security log size, complete the following steps:
1.Open the Event Viewer console.
2.In the console tree, right-click Security, and then click Properties.
3.In the General tab in the Security Properties dialog box, shown in Figure 13-16,
type the maximum log file size, which can be from 64 kilobytes (KB) to 4,194,240 KB (4 gigabytes). The default size is 512 KB.
4.LJncler When Maximum Log File Size Is Reached, select one of the following:
Overwrite Events As Needed, to write all new events to the log. When the log is full, each new event replaces ...
... the oldest event. Use this option with caution; it can be used to hide undesirable events.
Overwrite Events Older Than X Days and specify for X the number of days (1-365) an Free A+ exam questions event is to be retained before it is overwritten. New events are not added if the maximum log size is reached and there are no events older than this period.
Do Not Overwrite Events (Clear Log Manually) to specify whether existing events are retained when the log is full. If the maximum log size is reached, new events are discarded. This option requires you to manually clear the log.
You also can configure security log size for computers in a site, domain, or OU by using the Event Log settings in a GPO. The Event Log settings are located in Computer Configuration/Windows Settings/Security Settings/Event Log.
Securing Systems Through OUs
As you've learned in previous chapters, OU structure is important for the efficient application of Group Policy. Since you can deploy security configurations through Group Policy, it's logical to say that OU structure is also important for security. As you develop security templates for your systems, consider grouping systems that require the same security configuration into a single OU. Not only will an OU help you keep track of those "secure" systems, but it will make it easier for you to analyze and improve their security in the future. You can deploy your security configuration by linking a custom GPO at the OU level, instead of free comptia security+ exam configuring each system individually.