Manage the Audit Store Database Size

The Audit Store database needs to be managed according to the company’s retention policy which often dictated by the security/compliance team.  To assure the audit service performs and scales as required, Centrify recommends keeping the active Audit Store database at most, between 250GB and 500GB in size.  Perform a database rotation if your active Audit Store database is larger than 500GB.  A database rotation takes the current active database and marks it inactive and makes a new database the active database.  See the Centrify documentation for how to automate database rotation.

Another approach is to delete audit records and shrink the size of the active database.  This approach works well as long as the indexes are also rebuilt.  Otherwise, shrinking the database without indexing will lead to fragmented indexes and poor query performance.  KB-8472 details how to shrink and re-build the database indexes.  

Centrify recommends keeping only databases that are required for auditing purposes attached to the audit infrastructure. The databases that are not needed should be detached. Customers often forget to detach the databases that are outside the company’s normal live data/retention policies. Too many attached Audit Store databases result into poor query performance and increased load on the Management database. Periodically review the list of attached Audit Store databases and detach the ones that are no longer needed to be online as per the retention policy.