To successfully maintain a Microsoft Exchange Server system, you must correctly configure your Windows NT event-log settings. Make sure the event logs are large enough to handle reporting from Exchange Server. The default log size for NT is a modest 512KB. With Exchange Server's verbose logging, you'll soon realize the necessity of increasing this allowance. Consider boosting your log size to at least 10MB for each of the three NT event logs: System, Application, and Security. (To change log size, open NT's Event Viewer and choose Log, Log Settings from the menu bar.) You must resize each log individually.
Depending on the type of logging you enable in Exchange Server (or in NT), 10MB might be insufficient. Whether you want to retain all log entries will also affect your log-size requirements. As a general rule, I suggest using the option to Overwrite Events as Needed. The other options—Overwrite Events Older than x Days and Do Not Overwrite Events (Clear Log Manually)—can cause important events to go unrecorded. I also suggest that you include your NT logs in your server's backup plan. Microsoft tools such as Dumpel (in the Microsoft Windows 2000 Resource Kit and the Microsoft Windows NT Server 4.0 Resource Kit) and third-party products such as Frank Heyne Software's EventSave (available for free download at http://www.heysoft.de) deal specifically with event-log archiving. (For more information about using these tools to report event-log activity, see Randy Franklin Smith, "Archiving and Analyzing the NT Security Log," August 2000.)