Banks, credit unions, insurance companies,
How can I decrease number of events being generated for Directory Service Access auditing?
|Question||I enabled Directory Service Access auditing and configured auditing categories in accordance with the Installation and Configuration Guide,but this configuration generates a lot of events and Security event log keeps being overwritten (even after increasing its size to 4GB). How can I decrease the number of events being generated for Directory Service Access auditing?|
|Answer||Despite the fact that the Installation and Configuration Guide recommends to enable almost all categories while configuring object-level auditing, not all of them are being used by Netwrix Auditor.
So, to decrease the event generation you can uncheck the unnecessary categories in default domain container auditing settings. The following steps outline how to modify domain container auditing settings and prevent the generation of unnecessary events (decrease the Security event log usage):