Log Management-2: How to prevent insufficient disk space

In the first part of this blog series, we learned that DoS attacks can be detected by monitoring slow servers in the network. In this part, we look at how log management can help solve the problem of insufficient disk space on Windows servers.

Disk space, also known as disk capacity, refers to the maximum amount of data that a disk can hold.

As a disk is used over time, its available space gradually shrinks, which can eventually leave it with insufficient space. Insufficient disk space can cause unexpected problems such as slow server response, errors during software updates, or disk freezes. These problems seriously degrade server performance, especially on database servers and mail servers.

If there is no free space left on the disk, the server will crash and the hosted service cannot be accessed. If it is a remote server, this problem is difficult to repair.

In Windows, insufficient free disk space is logged as event ID 2013.

Event ID: 2013
Source: Server
Type: Warning
Description: The disk is full or close to capacity, you may need to delete some files.

By default, the system generates this event when free disk space falls below 10% of the total disk capacity. You can change this percentage at the following registry location:

Location: HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Data type: REG_DWORD

Range: 0–99 (percentage)

Monitoring this event on storage servers helps you act in time to avoid unexpected situations such as system crashes. Even a single simple alarm collected from the server log, such as a 20% free disk space alarm, can give you enough time to optimize storage.
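The check described above can be scripted on a single server. The following PowerShell is an added example, not part of the original article or of any ManageEngine product: it lists recent event ID 2013 warnings from the System log and reports fixed disks whose free space is below the 20% early-warning level mentioned above. The 24-hour lookback window, the parameter names and the output fields are assumptions.

```powershell
# Added example: run locally on the Windows server being checked.
param(
    [int]$WarnPercentFree = 20,   # early-warning level from the article's 20% example
    [int]$LookbackHours   = 24    # assumed review window
)

$since = (Get-Date).AddHours(-$LookbackHours)

# 1) Low-disk warnings the system has already logged (event ID 2013, System log).
#    Get-WinEvent raises an error when nothing matches, so that case is silenced.
$filter = @{ LogName = 'System'; Id = 2013; StartTime = $since }
$logged = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

foreach ($e in $logged) {
    [pscustomobject]@{
        Kind   = 'Event2013'
        Time   = $e.TimeCreated
        Detail = ("$($e.Message)" -split "`r?`n")[0]   # first line of the event text
    }
}

# 2) Early warning: fixed disks (DriveType 3) already below the chosen percentage,
#    even if the system's own event threshold has not been reached yet.
$disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3'

foreach ($d in $disks) {
    if ($d.Size -gt 0) {
        $pctFree = [math]::Round(100 * $d.FreeSpace / $d.Size, 1)
        if ($pctFree -lt $WarnPercentFree) {
            [pscustomobject]@{
                Kind   = 'LowFreeSpace'
                Time   = Get-Date
                Detail = "$($d.DeviceID) $pctFree% free (warn below $WarnPercentFree%)"
            }
        }
    }
}
```

Run from a scheduled task, the emitted objects can be piped to `Export-Csv` or forwarded to whatever alerting channel is in use.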

In practice, however, tracking these events by manually filtering large volumes of log data is a very cumbersome process. ManageEngine EventLog Analyzer, an automated log management tool, can help you review these events as well as all other log events from network devices, generate reports, and notify the administrator promptly through alerts.

In addition, EventLog Analyzer can correlate log data: it links related log events and analyzes them to identify potential security threats. EventLog Analyzer can be used to understand what is happening on the network at any time.

Origin blog.csdn.net/ITmoster/article/details/108432054