Centrify DirectAudit 2.x/3.x
1) What are the best practices to backup and restore Direct Audit data from backup after rolling the database and removing the data from the Audit Store.
What is the process for doing this?
2) Does Centrify have any native tools that are part of the Direct Audit package that will compact and/or cleanup the database while it is still online. Or are there any recommendations for doing maintenance on the database directly through MSSQL that can shrink down the size of the working database?
1) Once you roll the database, best practice is to detach the database from Audit Store and either take it offline or take a backup and remove it from database server.
If the database needs to be brought back, you can restore it from the backup and then reattach the database to the Audit Store. Once reattached, all the sessions
stored in that database can be queried/replayed.
2) Centrify has native/standalone Purge Sessions tool that can be used to delete sessions that are older than x number of days. Another option is to use
FindSessions tool and schedule it to delete unwanted sessions. Both tools can be run on live/online database. Also, please note that both the tools only
cleanup the database but do not compact/shrink the database files. The shrink should be done separately and only if SQL server is running out of disk space.
Unless customer is running low on disk space, you should not shrink the database because SQL engine takes a lot more things into consideration before
allocating the disk space. When you shrink the database, SQL has an added overhead to reallocate the disk space when new data comes in.
Attached to the article is a file which has SQL statements.
The idea is to create a new SQL job and run these SQL commands in that job to cleanup old sessions.
DBA can then schedule the job to run once a week or according to their preference.