How to reduce the audit database size for Netwrix Auditor

Netwrix Auditor SQL Databases
9.0-9.7
9.8
Delete Database
https://kb.netwrix.com/2282
Copy Article URL Copied

Netwrix recommends that you proactively manage audit data and log files by considering the recommendations below.


Note: Data that is removed from altering or deleting Audit Databases will no longer be readily available for searching and reporting. In order to query that data, you will need to perform an “Investigation

 

To configure Audit Database retention settings, do the following:

  1. Launch Netwrix Auditor and navigate to Settings > Audit Database
  1. Click Modify next to Database Retention and type in a retention period in days.

Note: Longer retention periods results in larger Audit Databases

User-added image

Data that exceeds the new retention period will be removed during the next collection, reducing the Audit Database size.
Note: If you are using SQL Server Express edition to save your audit data, you may find that your Audit Databases quickly reach the 10 GB limit. Instead of fine-tuning retention settings, you may choose to delete and recreate your Audit Databases. To do this, continue with the steps below.

To delete an Audit Database, perform the following steps:
  1. Start SQL Management Studio and navigate to “SQL_Server_database_name” > Databases and select the database you are going to delete.

User-added image

2. In the Delete Object window, make sure that the following options are selected:

  • Delete backup and restore history information for databases.
  • Close existing connections.

The Audit Database has now been successfully removed.

To rebuild the Audit Database, do the following:

  1. Navigate to each Monitoring plan > Edit > Edit settings > Audit Database.
  2. Review the database name and update it if necessary. Netwrix Auditor allows you to specify settings for each monitoring plan individually so you need to rebuild the database for each monitoring plan separately.
    User-added image
  3. Refresh or re-open the SQL Management Studio and make sure that the Audit Database was re-built.

In order to correctly set the retention period, you need to estimate your Audit Database growth.

If you are using Netwrix Auditor 9.6 or newer, this can be done by monitoring Health Status > Database statistics:

If you are using Netwrix Auditor 9.0 or 9.5, do the following:

  1. Start the SQL Management Studio and locate the required database.
  2. Right-click it and select Properties.
User-added image
  1. Review the Size and Space Available parameters.
Note: This will need to be done over the course of several days to get the best estimate of growth.
Go Up