Open coleJ98 opened 5 years ago
No, do not use a Domain Controller as a Windows event log collector server. This will increase the attack surface on your DCs. If you don't have enough physical servers, look into virtualization.
Hi @jokezone,
Thanks for your reply. I understand that it is not good to forward the logs to a DC. Do you know what specs the collector server needs to have in order to receive logs from ~1500 endpoints?
Is there any way I could stress test this before pushing out to production? Please let me know. Your help is appreciated!
I found this post from someone in a similar sized environment:
As far as testing, you could deploy the event forwarding GPO gradually instead of all at once.
Hi,
Do you recommend using Domain Controllers as Windows event log collector servers?
I have implemented the WEF using your guide and it's great! However, we do not have a spare server to be used as a collector server. Can I use the Domain Controller as a centralised logging point?
I am planning to forward Microsoft-Windows-Sysmon/Operational logs from ~1500 endpoints. Please let me know, your help is much appreciated! Thank you.