Is updating Active Directory Identity information dependent on Logon Event Logs?

  • Question
  • Updated 8 years ago
  • Answered
Hi,

The Active Directory Identity has been configured to update every week. However, the event logs on the domain controllers will be purged every 3 days.

Will the purging of the event logs affect the information collection from LANGuardian? I.e., if a user accessed a file on Server A in the morning, the logon event for the user was purged in the afternoon, and LANGuardian updates the information into the database in the afternoon, will the name be displayed as N/A in the report?

NetFort


Posted 8 years ago


NetFort

Official Response
No, this setting does not affect the reading of Event Logs by LANGuardian.

The 'update once per week' setting causes LANGuardian to check for any changes to the directory at the interval specified; changes such as new users being added, or a user's email address being changed. It does not control how LANGuardian queries for User Logon Events. LANGuardian can operate quite happily without these updates; they just allow the system to generate more complete reports.

The User Logon Event information is read from the Event Security Log by LANGuardian once every 5 minutes or so. We recommend that the Event Log settings be changed to 'overwrite old events as required' and have a minimum logfile size of 16 MB, to ensure all relevant events are available for LANGuardian to read.

Events such as File Accesses are generated from Deep Packet Inspection of the network traffic and are unaffected by any of these settings.
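
An added example, not part of the official response or any NetFort tooling: a PowerShell audit that checks each domain controller's Security log against the settings recommended above (overwrite as required, at least 16 MB) and reports how far back the log still reaches compared with the 5-minute read interval. The domain controller names are placeholders, and the function name is hypothetical.

```powershell
# Placeholder domain controller names (assumption); replace with your own.
$DomainControllers = @('DC01.example.test', 'DC02.example.test')
$MinSizeBytes = 16MB                          # minimum size recommended in the response
$PollInterval = [TimeSpan]::FromMinutes(5)    # read interval stated in the response

function Test-SecurityLogSettings {
    param([Parameter(Mandatory)][string]$ComputerName)

    # Log configuration: retention mode and maximum size.
    $log = Get-WinEvent -ListLog Security -ComputerName $ComputerName -ErrorAction Stop

    # Oldest record still present shows how far back a reader can see.
    $oldest = Get-WinEvent -LogName Security -Oldest -MaxEvents 1 `
        -ComputerName $ComputerName -ErrorAction SilentlyContinue
    $window = if ($oldest) { (Get-Date) - $oldest.TimeCreated } else { $null }

    [pscustomobject]@{
        ComputerName   = $ComputerName
        LogMode        = $log.LogMode
        MaxSizeMB      = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        # 'Circular' is the API name for "overwrite events as needed".
        OverwriteOk    = ($log.LogMode -eq 'Circular')
        SizeOk         = ($log.MaximumSizeInBytes -ge $MinSizeBytes)
        RetainedWindow = $window
        # A window shorter than the read interval means events can be
        # purged or overwritten before they are collected.
        WindowOk       = ($null -ne $window) -and ($window -gt $PollInterval)
    }
}

$results = foreach ($dc in $DomainControllers) {
    try {
        Test-SecurityLogSettings -ComputerName $dc
    } catch {
        Write-Warning "Could not query ${dc}: $($_.Exception.Message)"
    }
}
$results | Format-Table -AutoSize

# To apply the recommended settings on a domain controller (run elevated):
#   wevtutil sl Security /rt:false /ms:16777216
```

A purge schedule measured in days leaves a retained window far longer than the 5-minute read interval, so `WindowOk` should only fail right after a log has been cleared or when the log is so small that it wraps within minutes.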