Netwrix recommends that you proactively manage audit data and log files by considering the recommendations below.
Note: if you are going to follow the instruction below, keep in mind that you may lose some important audit data.
To configure Audit Database retention settings, do the following:
- Launch Netwrix Auditor and navigate to Settings > Audit Database
- Click Modify next to Database Retention and type in a retention period in days.
Note: the longer period you specify, the larger Audit Database size is.
- Start SQL Management Studio and navigate to “SQL_Server_database_name” > Databases and select the database you are going to delete.
- Delete backup and restore history information for databases.
- Close existing connections.
The Audit Database has been successfully removed.
To rebuild the Audit Database, do the following:
- Navigate to each Monitoring plan > Edit > Edit settings > Audit Database.
- Review the database name and update it if necessary. Netwrix Auditor allows you to specify settings for each monitoring plan individually so you need to rebuild the database for each monitoring plan separately.
- Refresh or re-open the SQL Management Studio and make sure that the Audit Database was re-built.
In order to correctly set the retention period, you need to estimate your Audit Database growth.
If you are using Netwrix Auditor 9.6 or newer, this can be done by monitoring Health Status > Database statistics:
If you are using Netwrix Auditor 9.0 or 9.5, do the following:
- Start the SQL Management Studio and locate the required database.
- Right-click it and select Properties.
- Review the Size and Space Available parameters.
Now the audit data becomes available for reporting in Netwrix Auditor.