This article applies to Netwrix Auditor 7.0 and above. It explains how to reduce the Netwrix Auditor Audit Database and save the disk space on the computer where you are going to dispose your audit data.
Netwrix recommends that you proactively manage your audit data and log files by considering the recommendations below.
Note: if you are going to follow the instruction below, keep in mind that you may lose some important audit data.
To configure Audit Database retention settings, do the following depending on your Netwrix Auditor version.
- Launch Netwrix Auditor.
- For Netwrix Auditor 7.0: navigate to Managed Objects -> <your_Managed_Object_name> -> Event Log -> AuditIntelligence Settings.
- For Netwrix Auditor 7.1 - 8.5: navigate to Managed Objects -> <your_Managed_Object_name> - Event Log -> Audit Database Settings
- For Netwrix Auditor 9.0 and above: navigate to Settings -> Audit Database
- Click Modify next to Database Retention and type in a retention period in days.
Note: the longer period you specify, the larger your Audit Database size is.
The Audit database will be reduced during the next data collection.
Note: if you are using SQL Server Express edition to save your audit data and once you notice that your database size grows and approaches to 10 GB, delete and re-create your Audit Database.
To do it, perform the following steps:
- Start SQL Management Studio and navigate to <Your_SQL_Server_name> -> Databases and select the database you are going to delete.
In the Delete Object window, make sure that the following options are selected:
The Audit Database has been successfully removed.
- Delete backup and restore history information for databases.
- Close existing connections.
To rebuild the Audit Database, do the following:
- Depending on your Netwrix Auditor version, navigate to one of the following location:
- For Netwrix Auditor 7.0: in Netwrix Auditor Administrator Console, navigate to Settings -> AuditIntelligence.
- For Netwrix Auditor 7.1 - 8.5: in Netwrix Auditor Administrator Console, navigate to AuditArchive -> Audit Database.
- For Netwrix Auditor 9.0 and above: navigate to each monitoring plan -> Edit -> Edit settings -> Audit Database.
Do the following, depending on your Netwrix Auditor version:
In order to correctly set the retention period you need to estimate your Audit Database growth.
- Refresh or re-open the SQL Management Studio and make sure that the Audit Database was re-built.
To do it, do the following:
- Start the SQL Management Studio and locate the required database.
- Right-click it and select Properties.
- Review the Size and Space Available parameters.
Note: This will need to be done for several days to get the best estimate of growth.
Now the audit data becomes available for reporting in Netwrix Auditor.