I have been told that enabling auditing on a domain controller imposes too much extra load on a system to enable it in production. I don't know anything about Windows server administration so I cannot easily set up a server myself and do load tests to compare the CPU, memory and disk usage between a system with auditing enabled to a system without it enabled, but I would like to know if this is true, that it imposes an unreasonable amount of extra load for a production server. So is there somewhere that mentions how much load it might add, or does anyone have know-how on how much extra (%) load it would add on a busy server?
Also, is it not just good practice to log the source of failed login attempts? Is there a security standard somewhere that recommends this to be enabled?
Sorry, that makes three questions.