Managing NT Event Logs

Before you enable Exchange Server 5.5 diagnostics logging, determine whether you need to make some configuration changes to your Windows NT event logs.

Paul Niser

February 27, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

To successfully maintain a Microsoft Exchange Server system, you must correctly configure your Windows NT event-log settings. Make sure the event logs are large enough to handle reporting from Exchange Server. The default log size for NT is a modest 512KB. With Exchange Server's verbose logging, you'll soon realize the necessity of increasing this allowance. Consider boosting your log size to at least 10MB for each of the three NT event logs: System, Application, and Security. (To change log size, open NT's Event Viewer and choose Log, Log Settings from the menu bar.) You must resize each log individually.

Depending on the type of logging you enable in Exchange Server (or in NT), 10MB might be insufficient. Whether you want to retain all log entries will also affect your log-size requirements. As a general rule, I suggest using the option to Overwrite Events as Needed. The other options—Overwrite Events Older than x Days and Do Not Overwrite Events (Clear Log Manually)—can cause important events to go unrecorded. I also suggest that you include your NT logs in your server's backup plan. Microsoft tools such as Dumpel (in the Microsoft Windows 2000 Resource Kit and the Microsoft Windows NT Server 4.0 Resource Kit) and third-party products such as Frank Heyne Software's EventSave (available for free download at http://www.heysoft.de) deal specifically with event-log archiving. (For more information about using these tools to report event-log activity, see Randy Franklin Smith, "Archiving and Analyzing the NT Security Log," August 2000.)

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like