Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
How can I decrease number of events being generated for Directory Service Access auditing?
KB1677 | Last review: Jul 30, 2014 | Netwrix Auditor for Exchange, Netwrix Auditor for Active Directory | 5.0 and above
|Question||I enabled Directory Service Access auditing and configured auditing categories in accordance with the Installation and Configuration Guide,but this configuration generates a lot of events and Security event log keeps being overwritten (even after increasing its size to maximum). How can I decrease the number of events being generated for Directory Service Access auditing?|
|Answer||Despite the fact that the Installation and Configuration Guide recommends to enable almost all categories while configuring object-level auditing, not all of them are being used by Netwrix Auditor.
So, to decrease the event generation you can uncheck the unnecessary categories in default domain container auditing settings. The following steps outline how to modify domain container auditing settings and prevent the generation of unnecessary events (decrease the Security event log usage):
Was this information helpful?