|
Posted by Al Dunbar on March 15, 2009, 2:28 am
Please log in for more thread options
show/hide quoted text
> Hi all. I recently became suspicious that some users on my network are
> making
> misuse of the files on the server. Therefore I enabled audditing for both
> successfull and failed attempts. This made the secutiy log large enough
> and
> created a performance overhead. In fact the backup routine done in the
> night
> did not complete in the required time and I had to terminate it and remove
> auditing to be able to complete.
> My question is this...is there a way to enable auditing and at the same
> time do
> not create a performance bottleneck? so that backup could complete? or
> which
> auditing entries are the most essential?
I'm no expert on auditing, however, it would appear that you might have
turned on auditing for too many different events. What, precisely, do you
think it is your users are doing, and what gave rise to your suspicions?
/Al
| 
XML Sitemap
> making
> misuse of the files on the server. Therefore I enabled audditing for both
> successfull and failed attempts. This made the secutiy log large enough
> and
> created a performance overhead. In fact the backup routine done in the
> night
> did not complete in the required time and I had to terminate it and remove
> auditing to be able to complete.
> My question is this...is there a way to enable auditing and at the same
> time do
> not create a performance bottleneck? so that backup could complete? or
> which
> auditing entries are the most essential?