If you are going to enable this degree of auditing, I would strongly recommend the use of third-party log management/security monitoring tools such as NetIQ Security Manager, LogLogic or ArcSight ESM. These tools can both manage the quantity of logs as well as the volume of events. Doing otherwise, in my experience, results in auditing policies that are effectively worthless because data is near impossible to find. It is also difficult...
to manage the volume of data (which can exceed gigabytes of data per day).
Dig Deeper on Patches, alerts and critical updates
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.