Keep the following recommendations in mind as you prepare to implement auditing:

  • Consider the application databases as short-term storage for audit data.
  • Do not enable full audit indexes on short-term storage (apart from the databases used for reporting).
  • Use a separate, Type II storage area for audit data and another separate, Type II area for audit indexes, and archive the audit data frequently.
  • Use a designated database for long-term audit archiving and reporting, and make it more secure than the production database, which provides access to many users.
  • Audit only what is absolutely necessary to save space and improve performance.
  • Plan for reporting by grouping event IDs into ranges, structuring audit context field values consistently, and leveraging audit event groups.
  • Tune your short-term auditing database for high performance in a high-traffic scenario.
  • Tune your long-term storage for great size and reporting capabilities.