Applies to: Centrify DirectAudit version 2.x on All OS platforms.
There are two distinct groups of servers that require auditing:
1. One group of servers, which has over 90 percent of the hosts in the domain, and needs to be audited and have the session data retained for ~30 days.
2. Another much smaller set of servers, that needs to be audited and have the session data stored for 18 months to satisfy auditing requirements.
Is there a way to set the retention period on a per client basis; or can the clients be pointed to different databases so the retention on the DB server side can be controlled?
If running DA 2.0, there are several possible solutions:
1. If each unit belongs to a separate AD site, an Audit Store can be created per-site and the problem is solved.
2. If all machines belong to the same site; option #1 can be ruled out.
3. If each unit belongs to a separate subnet.
E.g. All machines in unit#1 have IP addresses like 10.x.x.x/255.0.0.0 and all machines in unit#2 have IP addresses like 192.168.x.x/255.255.0.0; In such cases one Audit Store can be dedicated to one subnet and the second Audit Store to the second subnet.
4. Another solution is to create two different AD groups, each representing a logical unit and contains computer account objects that belong to that unit. If these AD groups can be made, the two separate Audit Stores can be created and then add one group to the trusted Audited Systems list of one Audit Store and the second group to the trusted Audited Systems list of the second Audit Store. This way, data from unit#1 goes to one Audit Store and data from unit#2 goes to second Audit Store can be ensured.
Please note that all of these solutions are for DA 2.0 and NOT for DA 1.3