Go Up
You are here: DeploymentDeployment PlanningSQL Server and Audit Database

SQL Server and Audit Database

Netwrix Auditor uses SQL Server databases as operational storages that keep audit data for analysis, search and reporting purposes. Supported versions are SQL Server 2008 and later (Reporting Services versions should be 2008 R2 or later).

  • You will be prompted to configure the default SQL Server instance when you create the first monitoring plan; also, you can specify it Netwrix Auditor settings.
  • You can configure Netwrix Auditor to use an existing instance of SQL Server, or deploy a new instance, as described in the Default SQL Server Instance section.


For evaluation and PoC projects you can deploy Microsoft SQL Server 2014 Express Edition with Advanced Services (sufficient for report generation).

For production deployment in bigger environments, it is recommended to use Microsoft SQL Server Standard Edition or higher because of the limited database size and other limitations of Express Edition.

Make your choice based on the size of the environment you are going to monitor, the number of users and other factors. This refers, for example, to Netwrix Auditor for Network Devices: if you need to audit successful logons to these devices, consider that large number of activity records will be produced, so plan for SQL Server Standard or Enterprise edition (Express edition will not fit).

Netwrix Auditor supports automated size calculation for all its databases in total, displaying the result, in particular, in the Database Statistics of the Health Status dashboard. This feature, however, is supported only for SQL Server 2008 SP3 and later.


To store data from the data sources included in the monitoring plan, the Monitoring Plan Wizard creates an Audit Database. Default database name is Netwrix_Auditor_<monitoring_plan_name>.

NOTE: It is strongly recommended to target each monitoring plan at a separate database.

Also, several dedicated databases are created automatically on the default SQL Server instance. These databases are intended for storing various data, as listed below.

Database name Description


Stores alerts.


Stores activity records collected using Integration API.


Stores internal event records.


Stores views to provide cross-database reporting.


Stores data imported from Long-Term Archive

These databases do not appear in the UI; if you need their settings to be modified via SQL Server Management Studio, please contact your database administrator. For example, you may need to change logging and recovery model (by default, it is set to simple for all these databases, as well as for the Audit databases).

See next:

Go Up