Schedule Tab Page Audit List Tab Page Discovery Tab Page Alerts & Logs Tab Page Cache Tab Page Advanced Settings Tab Page


 Documentation\Configuration\Audit Server\Cache
    The Cache tab page contains the settings for controlling the Local Cache of audit records and tools for viewing the collected audit records.

    When Audit Server performs the scheduled collection of audit data records from the machines indicated on the Audit List, it collects the individual audit records into data files saved in the folder specified here (known as the Local Cache). Data files remain in the Local Cache for the length of time specified in the Cache Retention section.

    Domain Time II Audit Server - Cache Tab

    Cache Retention

    The Local Cache is primarily intended as temporary storage for audit records which are eventually to be transferred to permanent offline archival. The local copies of the audit records can be retained indefinitely, or automatically deleted after a set period.

      The Delete local cache copies of audit data after days setting controls the automatic deletion of audit records (the maximum setting is 365 days). If the checkbox is not checked, records will be retained indefinitely.

      Keep in mind that without automatic deletion, audit data will accumulate at a rate based on the number of machines included and how often they are audited. Once you have begun auditing, it's a good idea to check to see how fast the data is growing and to occasionally check to be sure you have allocated enough disk space to accommodate the data (or manually move the records to offline storage).

      You can use the Audit Space Estimator to calculate how much disk space the audit data will require based on your rate of audits and the number of machines audited.

    Cache Location

    This section allows you to specify the disk folder where you wish the Local Cache to be stored.

      The cache location can be any valid file folder to which the Audit Server service account has sufficient rights to read and write files.

      If you must, you may indicate any valid UNC path to store the Local Cache files on a remote machine, however, be aware that should the remote machine become unavailable for any reason, audit data collected during that period will be irretrievably lost.

      Important Note:
      Best practice requires that the Local Cache folder must be as secure as possible, and we strongly recommended that the folder be located on a local drive using the NTFS filesystem to accomplish this.

      Folder permissions should be set so that only the Audit Server service account (usually System) has Full Control. Administrators should be set to Read-Only, and everyone else should be denied access entirely. You may also wish use the Windows operating system level auditing to monitor the Local Cache folder for unauthorized changes.

    View Audits...

    Audit Server includes a program called DTREADER.EXE. DTReader is automatically associated with files having the extension .dtad (DT Audit Data) during the installation of Audit Server. DTReader is used to view Audit Server data files whether from the Local Cache or retrieved from any other storage location. You may copy the program to any machine from which you'd like to view audit records.

    Note: DTREADER.EXE does not function on Windows Server Core systems. To view sync logs collected by Audit Server on Server Core systems, you must copy the DTREADER.EXE utility from the /System32 folder to a non-Core system and use it from there to view the .dtad audit records through a network share on the Core machine.

    When you click the View Audits button, the control panel applet launches DTReader to let you select and view files from your local cache.

    Audit record details
    Audit record details using the View Audits function


Copyright © 1995-2021 Greyware Automation Products, Inc.  All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.
Greyware Automation Products, Inc.
308 Oriole Ct, Murphy, TX 75094
972-867-2794 (voice) 972-208-1479 (fax)

Close Printer-Friendly Version