If you are going to enable this degree of auditing, I would strongly recommend the use of third-party log management/security...
monitoring tools such as NetIQ Security Manager, LogLogic or ArcSight ESM. These tools can both manage the quantity of logs as well as the volume of events. Doing otherwise, in my experience, results in auditing policies that are effectively worthless because data is near impossible to find. It is also difficult to manage the volume of data (which can exceed gigabytes of data per day).
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.