Wednesday, October 28, 2009

Hack 26 Change Your Maximum Log File Sizes
















Change your log properties so that they see the whole picture.







From a security point of view, logs are one of the most important assets contained on a server. After all, without logs how will you know if or when someone has gained access to your machine? Therefore, it is imperative that your logs not miss a beat. If you're trying to track down the source of an incident, having missing log entries is not much better than having no logs at all.





One common problem is that the maximum log size is set too low; the default is a measly 512KB. To change this, open the Administrative Tools control panel, and then open the Event Viewer. You should now see something similar to Figure 2-3.







Figure 2-3. The Windows Event Viewer






After you have done this, select one of the log files from the left pane of the Event Viewer window and right-click it. Now select the Properties menu item. You should now see something similar to Figure 2-4.







Figure 2-4. Security Log Properties






Now locate the text input box with the label "Maximum log size". You can type in the new maximum size directly, or you can use the arrows next to the text box to change the value. Anything above 1MB is good to use here. It all depends on how often you want to review and archive your logs. However, keep in mind that having very large log files won't inherently slow down the machine, but can slow down the Event Viewer when you're trying to view the logs.

While you're here, you may also want to change the behavior for when the log file reaches its maximum size. By default, it will start overwriting log entries that are older than seven days with newer log entries. It is recommended that you change this value to something higher, say 31 days. Alternatively, you could elect not to have logs overwritten automatically at all, in which case you'll need to clear the log manually.
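The same settings can be audited and applied from a script instead of the Event Viewer dialog. This is an added example, not part of the original hack; it assumes Windows PowerShell 5.1 run from an elevated prompt, and the 16MB target size and the list of log names are assumed values (the 31-day retention is the one suggested above).

```powershell
# Added example: audit and raise the limits on the classic event logs.
# Assumed values: 16MB target size and the three log names below.
$targetSize    = 16MB      # Limit-EventLog takes bytes; must be a multiple of 64KB
$retentionDays = 31        # retention suggested in the text
$logNames      = 'Application', 'System', 'Security'

$logs = Get-EventLog -List | Where-Object { $logNames -contains $_.Log }

foreach ($log in $logs) {
    # Report the current state first so the change is auditable.
    '{0}: max {1} KB, overflow {2}, retention {3} days' -f `
        $log.Log, $log.MaximumKilobytes, $log.OverflowAction, $log.MinimumRetentionDays

    # Only ever grow a log; never shrink one that is already larger.
    if (($log.MaximumKilobytes * 1KB) -lt $targetSize) {
        Limit-EventLog -LogName $log.Log -MaximumSize $targetSize
    }

    # A log set to "do not overwrite" keeps everything until it is
    # cleared manually. Leave that stricter choice in place.
    if ($log.OverflowAction -eq 'DoNotOverwrite') { continue }

    # Otherwise overwrite only entries older than the retention period.
    if ($log.OverflowAction -ne 'OverwriteOlder' -or
        $log.MinimumRetentionDays -lt $retentionDays) {
        Limit-EventLog -LogName $log.Log `
            -OverflowAction OverwriteOlder -RetentionDays $retentionDays
    }
}

# Re-read the configuration to confirm what is now in effect.
Get-EventLog -List |
    Where-Object { $logNames -contains $_.Log } |
    Format-Table Log, MaximumKilobytes, OverflowAction, MinimumRetentionDays
```

With `OverwriteOlder`, a log that fills up before any entry reaches the retention age stops recording new events, so the maximum size has to be large enough to hold the full retention period of activity.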
















