• Steven Webster (11/26/2008)


    Great article Ken. Much appreciated.

    Can I ask your views on the following - I recently had auditors in and one of their recommendations was to increase the maximum number of error log files to a value of 25000 or higher via a registry hack. In the vulnerability report they give the following reason for this:

    To prevent the loss of auditing data, it is recommended that you set this value high enough that the error logs will not be overwritten when restarting the database. Also note that there is a stored procedure, sp_cycle_errorlog, that closes an errorlog and creates a new file. An attacker could attempt to cover their tracks by overwriting files using this stored procedure. It is recommended that you set the value high enough that an attacker could not cycle the logs enough times in a reasonable amount of time to overwrite the error log containing an attack.

    Many thanks

    Steven

    I am not sure I would want to use a registry hack. I would see if I could archive the logs somewhere or something. I would just make sure to test it first. I know it is a registry setting that gets changed when you script it out, but I have never tried anything over the maximum value of 99.

    I wonder if it would get reset after a service pack upgrade?
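
The archiving idea raised in the reply above, sketched as an added example (it is not part of the original comments or the article): copy each closed error log to a separate directory under its content hash, so a log that has already been archived survives however many times the logs are later cycled. The function name, the archive file naming and the directory arguments are assumptions made for illustration.

```python
import hashlib
import re
import shutil
from pathlib import Path

# Closed (cycled) logs are named ERRORLOG.1, ERRORLOG.2, ...; the bare
# ERRORLOG file is still being written by the instance, so it is skipped.
CLOSED_LOG = re.compile(r"^ERRORLOG\.\d+$", re.IGNORECASE)


def archive_closed_errorlogs(log_dir, archive_dir):
    """Copy every closed error log into archive_dir, named by SHA-256.

    Cycling renames ERRORLOG.1 to ERRORLOG.2 and so on, so the file number
    is not a stable identity; the content hash is. Returns the list of
    archive paths newly written on this run (hypothetical helper).
    """
    log_dir, archive_dir = Path(log_dir), Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    written = []
    for src in sorted(log_dir.iterdir()):
        if not (src.is_file() and CLOSED_LOG.match(src.name)):
            continue
        digest = hashlib.sha256(src.read_bytes()).hexdigest()
        dest = archive_dir / f"errorlog-{digest}.log"
        if dest.exists():
            continue  # already archived under an earlier file number
        tmp = dest.with_suffix(".tmp")
        shutil.copy2(src, tmp)  # copy first, then rename into place
        tmp.replace(dest)
        written.append(dest)
    return written
```

Run it on a schedule against the instance's log directory, with `archive_dir` on storage the SQL Server service account cannot write to.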