SQL Server and Audit Database
Netwrix Auditor uses SQL Server databases as operational storages that keep audit data for analysis, search and reporting purposes. Supported versions are SQL Server 2008 and later (Reporting Services versions should be 2008 R2 or later).
Default SQL Server instance is configured when you create the first monitoring plan. You can configure Netwrix Auditor to use an existing instance of SQL Server, or deploy a new instance, as described in the Default SQL Server Instance section.
For evaluation and PoC projects you can deploy SQL Server 2014 Express Edition with Advanced Services (sufficient for report generation). See the Install Microsoft SQL Server and Reporting Services section and Microsoft documentation for more information.
To store data from the data sources included in the monitoring plan, a user creates an Audit Database for each plan. Default database name is Netwrix_Auditor_<monitoring_plan_name>.
NOTE: It is strongly recommended to target each monitoring plan at a separate database.
Also, several dedicated databases are created automatically on the default SQL Server instance. These databases are intended for storing various data, as listed below.
Stores activity records collected using Integration API.
|Netwrix_Auditor_EventLog||Stores internal event records.|
|Netwrix_CommonDB||Stores views to provide cross-database reporting.|
|Netwirx_ImportDB||Stores data imported from Long-Term Archive|
These databases do not appear in the UI; if you need their settings to be modified via SQL Server Management Studio, please contact your database administrator. For example, you may need to change logging and recovery model (by default, it is set to simple for all these databases, as well as for the Audit databases).