File-Based Repository for Long-Term Archive
Long-Term Archive is a file-based repository for keeping activity records collected by Netwrix Auditor.
Long-Term Archive can be located on the same computer with Netwrix Auditor Server, or separately - in this case ensure that Netwrix Auditor Server can access the remote machine. By default, the Long-Term Archive (repository) and Netwrix Auditor working folder are stored on the system drive. Default path to the Long-Term Archive is %ProgramData%\NetwrixAuditor\Data.
To reduce the impact on the system drive in large and extra-large environments, it is recommended to move Long-Term Archive to another disk. For that, you should estimate the required capacity using recommendations in the next section.
Then you should prepare the new folder for repository, target Netwrix Auditor at that folder, and, if necessary, move repository data from the old to the new location.
To modify Long-Term Archive location and other settings:
In Netwrix Auditor client, click Settings → Long-Term Archive; alternatively, if you are viewing the Long-Term Archive widget of the Health Status dashboard, click Open settings.
- Enter new path or browse for the required folder.
- Provide retention settings and access credentials.
- To move data from the old repository to the new location, take the steps described in this KB article: https://www.netwrix.com/kb/1879.
Netwrix Auditor client will start writing data to the new location right after you complete data moving procedure.
Default retention period for repository data is 120 months. You can specify the value you need in the Long-Term Archive settings. When retention period is over, data will be deleted automatically.
If the retention period is set to 0, the following logic will be applied:
- Audit data for SQL Server, file servers, Windows Server: only data stored by the last 2 data collection sessions will be preserved.
- User activity data: only data stored by the last 7 data collection sessions will be preserved.
- Other data sources: only data stored by the last 4 data collection sessions will be preserved.
To examine the repository capacity and daily growth, use the Long-Term Archive widget of the Health Status dashboard.
To estimate the amount of activity records collected and stored to the repository day by day, use the Activity Records by date widget. Click View details to see how many activity records were produced by each data source, collected and saved to the Long-Term Archive and to the database.
Netwrix Auditor will inform you if you are running out of space on a system disk where the repository is stored by default — you will see this information in the Health Status dashboard, in the health summary email, and also in the events in the Netwrix Auditor health log.
NOTE: When free disk space is less than 3 GB, the Netwrix services responsible for audit data collection will be stopped.