Configuring the scope of an audit store

In most organizations, a single audit store is used to map to an Active Directory site. However, there are situations where you might want to define the scope of an audit store based on subnets. For example:

  • If you have a subnet that Active Directory considers part of a site that is connected over a slow link you might want to configure a separate audit store and collectors that service audited computers in the remote subnet.
  • If you have very large Active Directory site, you might require multiple audit stores for load distribution. You can accomplish this by partitioning an Active Directory site into multiple audit stores based on subnets. Each subnet has its own audit store, set of collectors, and audited computers.

You can configure the scope of an audit store by adding or removing Active Directory sites or subnets.

To configure the scope for an audit store:

  1. Open Audit Manager.
  2. Expand the installation node, then expand Audit Stores and select a specific audit store name.
  3. Right-click, then select Properties.
  4. Click the Scope tab.
  5. Click Add Site to select an Active Directory site from the list of sites found or click Add Subnet to type a specific subnet address and mask.