Auditing Vs Performance

MLtt

Hi all. I recently became suspicious that some users on my network are
making misuse of the files on the server. Therefore I enabled auditing for both
successful and failed attempts. This made the security log large enough and
created a performance overhead. In fact the backup routine done in the night
did not complete in the required time and I had to terminate it and remove
auditing to be able to complete.

My question is this... is there a way to enable auditing and at the same time
not create a performance bottleneck, so that the backup could complete? Or which
auditing entries are the most essential?

Thanks
 
Marcin

Have you considered simply restricting permissions on relevant files to the
appropriate level? If this is not feasible, minimize the level of auditing by
targeting only the types of events and users/groups which are relevant to your
investigation...

hth
Marcin
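
The narrowing suggested in the reply above, as an added example that is not part of the original thread: it swaps a broad audit entry on one folder for a single entry covering one group and only change-type access. The folder path, the group name and the choice of rights are assumptions for illustration, and the `auditpol` subcategory syntax assumes Windows Vista / Server 2008 or later.

```powershell
# Run from an elevated session: reading and writing a SACL needs the
# "Manage auditing and security log" privilege.

# Assumed placeholders, not values from the thread.
$Path  = 'D:\Shares\Finance'        # hypothetical folder under investigation
$Group = 'CONTOSO\Finance-Users'    # hypothetical group whose activity matters

# File-system auditing must be enabled in policy before any SACL produces events.
auditpol /set /subcategory:"File System" /success:enable

# -Audit is required, otherwise Get-Acl returns the DACL only.
$acl = Get-Acl -Path $Path -Audit

# Remove the explicit audit entries already on this folder, for example a
# catch-all "Everyone / Full Control / Success+Failure" entry. Inherited
# entries are left alone; they have to be changed on the parent.
$existing = $acl.GetAuditRules($true, $false, [System.Security.Principal.NTAccount])
foreach ($old in $existing) {
    [void]$acl.RemoveAuditRuleSpecific($old)
}

# Audit changes only. Read access is deliberately left out (an assumption about
# what the investigation needs): a backup reads every file, and reads are
# usually the bulk of the events. Because the entry names one group, access by
# an account outside that group, such as a backup service account, matches
# nothing and writes nothing to the Security log.
$rights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Group,
    $rights,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Confirm what is now audited on the folder.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```

If failed attempts by the same group are also of interest, add `Failure` to the audit flags and `/failure:enable` to the policy line; the volume stays bounded because the entry still names one group and a short list of rights.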
 
