How to configure Netwrix Auditor in failover mode?

This article applies to Netwrix Auditor 9.5 and above and describes how to configure Netwrix Auditor in failover mode.
Question
How to configure Netwrix Auditor in failover mode to minimize downtime and the risk of losing audit data in case of an outage?
Answer
1. Preparation
  • Install Netwrix Auditor on a virtual machine. If Netwrix Auditor is already installed on a physical machine, consider migrating it to a virtual machine. Some vendors support "physical to VM" migration.
  • Configure the Audit Archive to be stored on a remote location, e.g. a shared iSCSI volume. Refer to the following Netwrix knowledge base article for instructions on how to move the Long-Term Archive to a new location: How to move Long-Term Archive to a new location (Netwrix Auditor 9.0 and above).
  • Configure the Short-Term Archive to be stored on a remote location, e.g. a shared iSCSI volume. Contact Netwrix technical support for instructions on how to move the Short-Term Archive to a new location.
2. Backup & Failover
  • Ensure that the volume under Audit Archive and Temp storage is redundant enough to survive failure.
  • Use the features provided by your virtualization vendor to ensure zero downtime of the Netwrix Auditor machine (such as Hyper-V Live Migration or VMware vMotion).
Alternative scenarios:
 
Backup
  • Ensure that the volume under Audit Archive and Temp storage is redundant enough to survive failure.
  • Once Netwrix Auditor is up and fully operational, back up the virtual machine. You can schedule backups as often as every hour (for example, differential backups with one daily full backup).
  • Set up regular backups of the Netwrix Auditor configuration file: on the machine where Netwrix Auditor Server is installed, navigate to %ProgramData%\Netwrix Auditor\AuditCore\ConfigServer and save the Configuration.xml file to any location. Back up the exact file; do not use the configuration import/export procedure.
Failover
  • Restore the Netwrix Auditor machine from snapshot.
  • Restore the configuration.
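
The regular Configuration.xml backup described above can be scripted and run from a scheduled task. The following PowerShell is an added example, not Netwrix's own tooling; the backup share name and the retention count are assumptions to replace with your own values. It copies the exact file, verifies the copy by SHA-256 hash, and stores the hash beside it so the file can be checked again before it is restored.

```powershell
# Added example: scheduled copy of the Netwrix Auditor configuration file.
# $BackupRoot and $KeepCopies are assumptions; adjust to your environment.
param(
    [string]$BackupRoot = '\\backup-server.example\NetwrixConfig',  # hypothetical share
    [int]$KeepCopies = 30                                           # assumed retention
)

$ErrorActionPreference = 'Stop'

# Path given in the article.
$source = Join-Path $env:ProgramData 'Netwrix Auditor\AuditCore\ConfigServer\Configuration.xml'
if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
    throw "Configuration file not found: $source"
}
if (-not (Test-Path -LiteralPath $BackupRoot -PathType Container)) {
    throw "Backup location not reachable: $BackupRoot"
}

# Copy the exact file under a timestamped name so older copies are kept.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $BackupRoot "Configuration-$stamp.xml"
Copy-Item -LiteralPath $source -Destination $target

# Verify the copy is byte-identical before relying on it for a restore.
$srcHash = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    Remove-Item -LiteralPath $target
    throw 'Hash mismatch after copy; backup discarded.'
}

# Record the hash beside the copy so it can be re-checked at restore time.
"$dstHash  $(Split-Path -Leaf $target)" | Set-Content -LiteralPath "$target.sha256"

# Retention: keep only the newest $KeepCopies backups and their hash files.
Get-ChildItem -LiteralPath $BackupRoot -Filter 'Configuration-*.xml' |
    Where-Object { $_.Extension -eq '.xml' } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -Skip $KeepCopies |
    ForEach-Object {
        Remove-Item -LiteralPath "$($_.FullName).sha256" -ErrorAction SilentlyContinue
        Remove-Item -LiteralPath $_.FullName
    }

Write-Output "Backed up $source to $target (SHA256 $dstHash)"
```

Before restoring a copy during failover, recompute its hash with Get-FileHash and compare it with the stored .sha256 value.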