Author: jcochran, Posted: Wed Aug 03, 2011 9:01 pm Post subject: More security events in 2008 than 2003? ---- I just noticed after adding a few 2008 R2 DCs that the volume of security events has drastically increased. Does anyone have any information or resources the outline the changes in the security log for 2008?
Author: ryansutton, Location: San Francisco, CaliforniaPosted: Thu Aug 04, 2011 6:30 pm Post subject: ---- Server 2008 added more categories and sub categories for logging, which is why you are seeing more events.
Author: jcochran, Posted: Thu Aug 04, 2011 6:32 pm Post subject: ---- Thanks. Yes I'm aware of "why" my event logs are bigger, but I was curious if anyone knew if the changes were documented. I have an application that archives security logs and I need to filter appropriately.
Author: jcochran, Posted: Thu Aug 04, 2011 9:13 pm Post subject: ---- That describes the new 53 auditing categories which are turned off by default.
Author: jcochran, Posted: Sat Aug 13, 2011 12:54 am Post subject: ---- Here is some good information that I found. While the 53 new audit categories are turned off by default, new audit sub-categories are added to existing 2003 categories. So if you have any of those audit categories enabled via Group Policy, you will notice more events.