windows security logging

[Howell]

Does anyone have a solution for windows security logging?

Requirements:
I'd like to keep 6 months worth of basic security events for 2 domain controllers and do it for minimal cost.

Hurdles:
The maximum log file size on server 2003 is 4G.
"Event Viewer logs are memory mapped files. The maximum size of an event log is constrained by the amount of physical memory in the local computer and by the virtual memory that is available to the event log process. Increasing the log size beyond the amount of virtual memory that is available to Event Viewer does not increase the number of log entries that are maintained." <shudder>


Any ideas?

 

[BingBangBop]

Save the logs in pieces. You can save logs, import saved logs, and you can clear logs whenever you want. So you are no longer constrained by size. The limit becomes how many pieces (how often you save/clear them).

 

[ddrueding]

BingBangBop got it in one. Windows can start a new log file after the current reaches a specified size.

 

[Howell]

I can not figure out how to implement David's suggestion with the 2003 native tools. Only various ways to guide overwriting seem to exist.

BBB, unless I'm missing something your process seems very manual. It does solve the file size problem however.

 

[BingBangBop]

I suppose you could write a script and attach it to a schedule but to my knowledge using the native tools you are correct that it must be done manually.

Doing a google search I did find this: http://www.petri.co.il/event_logs_archiving_with_gpo.htm

 

[Howell]

Awesome, Bx3! I bow to your google-fu.

I had spent quite a bit of time only to come up emtpy.