Opinion: Best practice for logging


Does MS have a best practice for what should be audited and logged (general practice, and DCs)?

We have a logging GPO that was set up in the NT4 days, and it is in desperate need of updating. Right now it is unmanageably large, and may not be catching everything. We are setting up a new log forwarding system. We have it set up now, and want to refine what is being logged and passed. I think we should start with:

  • Logon and logoff (all: RDP, SMB, etc.)
  • --------------what DB or IIS??
  • Any changes to the admin group

We don't want to log stuff, thinking from a security point of view....perhaps we can log a lot more, and forward logs.

Is there a list of event numbers for logon events? A best practices type of guide?

I welcome input and opinion, ty for your time :)


blankmonkey

Hi blankmonkey,

During my research, I didn't find an official article on best practice for Windows logging.

As far as I'm concerned, it depends on our requirements. For example, if we want to log logon & logoff events, we may configure it here:

If we want to check RDP events, we may check here:

Event Viewer -> Applications and Services Logs\Microsoft\Windows, check event "TerminalServices":

If we want to check IIS events, we may check here:

Generally, the default logging events may meet our requirements. If you have a specific requirement for logging, you may ask how to log specific services, and we may provide specific help.

Best regards,

Anne


Please remember to mark the replies as answers if they help, and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
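The three items in the question (logon/logoff, RDP sessions, admin group changes) map to a small set of event IDs. The following is an added example, not code from either poster or from Microsoft: it counts those events over an assumed 24-hour window so you can see what each would contribute to a forwarding subscription. The function name `Get-AuditSummary` and the look-back window are assumptions; the event IDs are the standard ones for Windows Vista/Server 2008 and later.

```powershell
# Added example (not from the thread). Run elevated: the Security log needs admin rights.
$since = (Get-Date).AddDays(-1)   # assumed look-back window

# Security log: logon/logoff and membership changes in security-enabled groups
$securityIds = @{
    4624 = 'Logon succeeded'
    4625 = 'Logon failed'
    4634 = 'Logoff'
    4647 = 'User-initiated logoff'
    4728 = 'Member added to global group'
    4729 = 'Member removed from global group'
    4732 = 'Member added to local group'
    4733 = 'Member removed from local group'
    4756 = 'Member added to universal group'
    4757 = 'Member removed from universal group'
}

# RDP session events live in the TerminalServices logs mentioned in the answer
$rdpLog = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
$rdpIds = @{
    21 = 'Session logon succeeded'
    23 = 'Session logoff succeeded'
    24 = 'Session disconnected'
    25 = 'Session reconnection succeeded'
}

function Get-AuditSummary {
    param([string]$LogName, [hashtable]$IdMap, [datetime]$StartTime)
    $filter = @{ LogName = $LogName; Id = @($IdMap.Keys); StartTime = $StartTime }
    # SilentlyContinue suppresses the "no events found" error for quiet logs
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object Id |
        ForEach-Object {
            [pscustomobject]@{
                Log     = $LogName
                EventId = [int]$_.Name
                Meaning = $IdMap[[int]$_.Name]
                Count   = $_.Count
            }
        }
}

# Show which audit subcategories are currently enabled, then the event volume
foreach ($cat in 'Logon/Logoff', 'Account Management') { auditpol /get /category:"$cat" }
@(Get-AuditSummary 'Security' $securityIds $since) +
    @(Get-AuditSummary $rdpLog $rdpIds $since) |
    Sort-Object Count -Descending | Format-Table -AutoSize
```

An ID that shows a zero count or is missing from the output usually means the matching audit subcategory is not enabled in the GPO, which the `auditpol` output above will confirm.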


