We have a Windows Domain Controller (DC) that creates lots of security events. We are monitoring wineventlog://security and have noticed that, on a regular basis, we get no events. We know the events are there because we can see events we missed in the evt files that are kept. The OS has a policy to rotate the log when it gets to a certain size, and we are thinking this may be when we stop getting events. This happens on all of our DCs, but not at the same time. Any experience with high volume DCs and logs rolling causing a problem?
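One way to confirm whether the gaps line up with the Security log rolling over is to pull the log's retention configuration, the record range still in the live log, and the archived .evtx files the OS wrote when it rolled. The script below is an added example written for this thread, not code from the poster or from Splunk; it assumes the default archive location under winevt\Logs and that the forwarder ingests from the `Security` channel, and it only reads configuration and events (no changes are made).

```powershell
# Added example: correlate Security log rollover with ingestion gaps on a DC.
# Run in an elevated PowerShell session on the DC itself (read-only).

# 1. Retention configuration of the live Security channel.
#    LogMode tells you what happens at MaximumSizeInBytes:
#      Circular   = oldest events are overwritten in place
#      AutoBackup = log is archived to an Archive-Security-*.evtx file and cleared
#      Retain     = log stops accepting events until cleared
$cfg = Get-WinEvent -ListLog Security
[pscustomobject]@{
    LogMode            = $cfg.LogMode
    MaximumSizeMB      = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
    CurrentSizeMB      = [math]::Round($cfg.FileSize / 1MB, 1)
    RecordCount        = $cfg.RecordCount
    IsLogFull          = $cfg.IsLogFull
    LastWriteTime      = $cfg.LastWriteTime
} | Format-List

# 2. Record-ID window still present in the live log. RecordId is monotonically
#    increasing per channel, so any RecordId below $oldest.RecordId now only
#    exists in an archive file (or is gone, under Circular mode).
$oldest = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
$newest = Get-WinEvent -LogName Security -MaxEvents 1
"Live log covers RecordId {0} .. {1} ({2:u} .. {3:u})" -f `
    $oldest.RecordId, $newest.RecordId, $oldest.TimeCreated, $newest.TimeCreated

# 3. Archived copies written by AutoBackup. Each file's first/last RecordId and
#    timestamps show exactly when a rollover happened; compare those times with
#    the windows in which Splunk received no Security events.
$archiveDir = Join-Path $env:SystemRoot 'System32\winevt\Logs'   # assumed default path
Get-ChildItem -Path $archiveDir -Filter 'Archive-Security-*.evtx' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime |
    ForEach-Object {
        $first = Get-WinEvent -Path $_.FullName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $last  = Get-WinEvent -Path $_.FullName -MaxEvents 1 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Archive       = $_.Name
            RolledAt      = $_.LastWriteTime
            SizeMB        = [math]::Round($_.Length / 1MB, 1)
            FirstRecordId = $first.RecordId
            LastRecordId  = $last.RecordId
            FirstEvent    = $first.TimeCreated
            LastEvent     = $last.TimeCreated
        }
    } | Format-Table -AutoSize
```

If the `RolledAt` times of the archive files match the start of each gap in Splunk, the rollover is the trigger: the forwarder's checkpoint for the channel points at records that no longer exist in the live log. Large gaps between one archive's `LastRecordId` and the next archive's `FirstRecordId` would instead point at events lost before they were ever written to disk, which is a different problem.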
@bstimely Assuming you have a high performing IDX at the recipient end, I would perform the following analysis to make the changes