Hack 26 Change Your Maximum Log File SizesChange your log properties so that they see the whole picture. From a security point of view, logs are one of the most important assets contained on a server. After all, without logs how will you know if or when someone has gained access to your machine? Therefore, it is imperative that your logs not miss a beat. If you're trying to track down the source of an incident, having missing log entries is not much better than having no logs at all. One common problem is that the maximum log size is set too lowthe default is a measly 512KB. To change this, open the Administrative Tools control panel, and then open the Event Viewer. You should now see something similar to Figure 2-3. Figure 2-3. The Windows Event ViewerAfter you have done this, select one of the log files from the left pane of the Event Viewer window and right-click it. Now select the Properties menu item. You should now see something similar to Figure 2-4. Figure 2-4. Security Log PropertiesNow locate the text input box with the label "Maximum log size". You can type in the new maximum size directly, or you can use the arrows next to the text box to change the value. Anything above 1MB is good to use here. It all depends on how often you want to review and archive your logs. However, keep in mind that having very large log files won't inherently slow down the machine, but can slow down the Event Viewer when you're trying to view the logs. While you're here, you may also want to change the behavior for when the log file reaches its maximum size. By default, it will start overwriting log entries that are older than seven days with newer log entries. It is recommended that you change this value to something highersay 31 days. Alternatively, you could elect not to have logs overwritten automatically at all, in which case you'll need to clear the log manually. |
لطفا منتظر باشید ...
