Collector Server #38
Comments
No, do not use a Domain Controller as a Windows event log collector server. This will increase the attack surface on your DCs. If you don't have enough physical servers, look into virtualization.
Hi @jokezone, thanks for your reply. I understand that it is not good to forward the logs to a DC. Do you know what specs the collector server needs to have in order to receive logs from ~1500 endpoints? Is there any way I could stress test this before pushing it out to production? Please let me know. Your help is appreciated!
I found this post from someone in a similar-sized environment: As far as testing, you could deploy the event forwarding GPO gradually instead of all at once.
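The staged GPO rollout suggested above only tells you something if you measure the collector at each step. The following PowerShell script is an added example, not code from this issue or from the WEF guide it refers to: run elevated on the collector after each phase, it reports the subscription's runtime status, the event rate per forwarding source over a measurement window, the average on-disk size per record, and a linear extrapolation to the full fleet. The subscription name, the fleet size of 1500 and the use of the default ForwardedEvents log are assumptions, not details taken from the thread.

```powershell
# Added example, not from the issue thread or the WEF guide it refers to.
# Run elevated on the WEF collector after each rollout step of the forwarding GPO.
# Assumptions (not stated in the thread): the subscription name and the fleet
# size are placeholders, and forwarded events land in the default ForwardedEvents log.
param(
    [string]$SubscriptionName = 'Sysmon-Operational',  # assumed; use your own
    [int]$WindowMinutes       = 15,
    [int]$FleetSize           = 1500                   # endpoints planned for production
)

# 1. Runtime status of the subscription: active sources, last heartbeat, errors.
#    'wecutil gs' is the built-in get-subscription-runtime-status command.
Write-Host "== wecutil runtime status for '$SubscriptionName' =="
wecutil gs $SubscriptionName

# 2. Everything the collector received in the measurement window.
$since  = (Get-Date).AddMinutes(-$WindowMinutes)
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; StartTime = $since } `
            -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning "No forwarded events in the last $WindowMinutes minutes; check the status above."
    return
}

# MachineName on a forwarded event is the originating host, not the collector.
$perSource   = $events | Group-Object MachineName  | Sort-Object Count -Descending
$perProvider = $events | Group-Object ProviderName | Sort-Object Count -Descending
$sourceCount = $perSource.Count
$windowSec   = $WindowMinutes * 60

# Events per second, overall and per forwarding source.
$epsTotal     = $events.Count / $windowSec
$epsPerSource = $epsTotal / $sourceCount

# 3. Average on-disk bytes per record from the log's own size and record count.
$log      = Get-WinEvent -ListLog ForwardedEvents
$avgBytes = if ($log.RecordCount -gt 0) { $log.FileSize / $log.RecordCount } else { 0 }

# 4. Linear extrapolation to the full fleet. Treat this as a lower bound:
#    the pilot group may not include the noisiest hosts (build servers, jump boxes).
$fleetEps      = $epsPerSource * $FleetSize
$fleetGBPerDay = ($fleetEps * 86400 * $avgBytes) / 1GB

Write-Host ("`n== last {0} min: {1} events from {2} sources ==" -f $WindowMinutes, $events.Count, $sourceCount)
Write-Host ("events/sec total: {0:N2}   per source: {1:N3}   avg bytes/record: {2:N0}" -f $epsTotal, $epsPerSource, $avgBytes)
Write-Host ("extrapolated to {0} endpoints: {1:N0} events/sec, ~{2:N1} GB/day of ForwardedEvents" -f $FleetSize, $fleetEps, $fleetGBPerDay)

Write-Host "`n== top 10 sources (a runaway host shows up here first) =="
$perSource | Select-Object -First 10 Name, Count | Format-Table -AutoSize

Write-Host "== events by provider (confirms only Sysmon/Operational is being forwarded) =="
$perProvider | Select-Object Name, Count | Format-Table -AutoSize

# 5. Is the collector keeping up? A log that is full or near its maximum size
#    means retention is the bottleneck before CPU or network is.
Write-Host ("ForwardedEvents: {0:N0} MB used of {1:N0} MB max, IsLogFull={2}" -f `
    ($log.FileSize / 1MB), ($log.MaximumSizeInBytes / 1MB), $log.IsLogFull)
```

Compare the per-source events/sec and the GB/day estimate between rollout phases; if the per-source figure climbs as noisier OUs join, the extrapolation from the first pilot group was too optimistic and the collector's disk and log size should be planned from the later phase. Sources that appear in `wecutil gs` but not in the top-sources table are connected but not delivering, which usually points at a channel access or WinRM problem on the client rather than at collector capacity.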
Hi,
Do you recommend using Domain Controllers as windows event log collector servers?
I have implemented the WEF using your guide and it's great! However, we do not have a spare server to be used as a collector server. Can I use the Domain Controller as a centralised logging point?
I am planning to forward Microsoft-Windows-Sysmon/Operational logs from ~1500 endpoints.
Please let me know, your help is much appreciated! Thank you