Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2831: Setting the retention period for a DirectAudit database on a per-client basis

Centrify DirectAudit ,  

12 April,16 at 11:10 AM

Applies to: Centrify DirectAudit version 2.x on All OS platforms.

Question:

There are two distinct groups of servers that require auditing:

 
1. One group of servers, which has over 90 percent of the hosts in the domain, and needs to be audited and have the session data retained for ~30 days.

2. Another much smaller set of servers, that needs to be audited and have the session data stored for 18 months to satisfy auditing requirements.

Is there a way to set the retention period on a per client basis; or can the clients be pointed to different databases so the retention on the DB server side can be controlled?


Answer:

If running DA 2.0, there are several possible solutions:

1. If each unit belongs to a separate AD site, an Audit Store can be created per-site and the problem is solved.

2. If all machines belong to the same site; option #1 can be ruled out.

3. If each unit belongs to a separate subnet.
E.g. All machines in unit#1 have IP addresses like 10.x.x.x/255.0.0.0 and all machines in unit#2 have IP addresses like 192.168.x.x/255.255.0.0; In such cases one Audit Store can be dedicated to one subnet and the second Audit Store to the second subnet.

4. Another solution is to create two different AD groups, each representing a logical unit and contains computer account objects that belong to that unit. If these AD groups can be made, the two separate Audit Stores can be created and then add one group to the trusted Audited Systems list of one Audit Store and the second group to the trusted Audited Systems list of the second Audit Store. This way, data from unit#1 goes to one Audit Store and data from unit#2 goes to second Audit Store can be ensured.

Please note that all of these solutions are for DA 2.0 and NOT for DA 1.3

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.