Windows computers can keep a log of security events, such as failed logon attempts. It is helpful to know if attackers are trying to gain access to your network. When the log fills up, it overwrites the oldest events first. By default, the log files are very small, and that makes it much easier for attackers to cover their tracks.
Almost universally, security log files are too small and have overwritten themselves, making it impractical, and sometimes impossible, to see what security events have been happening on the network for more than a few hours.
Ask your IT Pros to be sure that the security log file size is set to at least 256 Megabytes.
Your IT Pros probably already know all about security logs, and can find out all the details on Microsoft’s site. Someday, as time permits, they may be interested in monitoring more than the default events, and that’s good. Microsoft provides detailed recommendations about events to monitor.
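For the IT Pro who receives this, here is one way to check a machine against the 256 MB recommendation and see how far back its Security log actually reaches. This is an added example, not part of the original article; it assumes an elevated PowerShell session on the machine being checked, and the function name `Get-SecurityLogStatus` is made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the local Security log and raise its maximum size to
# the 256 MB minimum recommended above if it is smaller.

$MinimumBytes = 256MB   # 268,435,456 bytes

function Get-SecurityLogStatus {
    # Hypothetical helper: summarises size, retention mode and history depth.
    $log = Get-WinEvent -ListLog Security

    # The oldest surviving event shows how much history is really available.
    $oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        UsedMB        = [math]::Round($log.FileSize / 1MB, 1)
        LogMode       = $log.LogMode          # Circular = oldest events are overwritten
        OldestEvent   = $oldest.TimeCreated
        DaysOfHistory = if ($oldest) {
                            [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
                        } else { $null }
        MeetsMinimum  = $log.MaximumSizeInBytes -ge $MinimumBytes
    }
}

$before = Get-SecurityLogStatus
$before | Format-List

if (-not $before.MeetsMinimum) {
    # "wevtutil sl" sets log properties; /ms is the maximum size in bytes.
    # A Group Policy setting for the log size, if one applies, takes
    # precedence over this local change.
    wevtutil sl Security "/ms:$MinimumBytes"
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil failed with exit code $LASTEXITCODE"
    }
    Get-SecurityLogStatus | Format-List
}
```

A `DaysOfHistory` value of only a few hours or days on a busy server is the symptom described above: the log has already overwritten the events you would need in an investigation.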
Please forward this to every executive you know so that they can forward it to their IT professionals and outsourced IT companies. Experience has shown that the majority of companies are still configured to use the tiny default size, and attackers love that.