Increasing the Size of Log Files on Target Computers

  • Article

To reliably manage the state of a computer, MOM must be able to retrieve the latest events from the event logs of the computer. If an event log on a managed computer fills up, then event logging can stop or events be overwritten, depending on how that event log is configured for this condition.

Important

If event logging stops, MOM cannot pick up the latest events until the log has been manually cleared and new events are being logged. If MOM cannot pick up the latest events, important information about the state of health for the computer may not be reported

If the Security log fills up, the managed computer can become locked. For more information, see article number 232564 in the Microsoft Knowledge Base at

For computers on which you plan to install a MOM agent, it is recommended that you increase the size of:

  • The Windows event logs.

  • Other event logs, such as Directory Service, File Replication, and DNS.

  • Any application logs, such as Microsoft Internet Information Services (IIS) log files.

This helps to ensure that the log files on the managed computers do not fill up too quickly and stop logging events. For the Application, System, and Security logs, it is recommended that you increase the maximum log size to at least 25 MB.

It is also a best practice to configure logs to Overwrite events as needed. With this option, when the log is full, it can continue to log new events, with each new event replacing the oldest event.

Important

    Configuring the Security log to Overwrite events as needed might result in the loss of some security events. Ensure that you follow your companys policies with regarding security event logging.

Also adjust the log sizes depending on the role of the computer and the available disk space. You might need to increase the log size further under the following circumstances:

  • You want to preserve and review data over a longer time period.

  • The computer is running an application that generates a high volume of data.

  • The computer is a domain controller.

  • The computer has a large amount of available disk space.

To modify Windows event log settings for agent-managed computers

  1. On the Start menu, point to Programs, point to Administrative Tools, and then click Event Viewer.

  2. Right-click the event log that you want to modify settings for: Application, Security, or System.

  3. Click Properties, modify the settings, and then click OK.

Considering Network Usage

If you plan to deploy a large number of MOM agents, it is recommended that you wait until after peak business hours to ensure that you do not negatively impact network performance. You can reduce the network bandwidth usage by discovering computers and installing agents in phases.