Audit and Monitoring Architecture

The audit architecture includes several components to ensure a smooth operating and secure audit environment. A Collector is the service that collects audit records from servers being audited and stores them in the audit store database. Avoid deploying the collector on the same machine as the active Audit Store database’s SQL Server.

When using the Centrify Agent for Windows to audit sessions, configure data capture at native color depth when auditing systems with many concurrent users (such as Citrix XenApp server). When not capturing at native color depth, the DirectAudit daemon has to transform the captured data to its target format which ends up consuming CPU cycles.  To automatically set native color depth at installation time, see the Centrify documentation.