Change History - Log Retention

We are a large organization with about 45k users.  Currently our change history is set to the default 30 days.  We want to increase that to a one-year retention time, but should we be concerned with database size when retaining logs for that long?

  • The answer to this really depends on how busy your environment is - that is, new accounts, changes to accounts and groups etc.   

    The size of the database (in GB) is not really the issue - it's more about performance as again, in a busy environment where there is a lot of change being recorded daily, a very large change history database can get sluggish.  This can manifest in the user experience as slow retrieval of change history records and also slower deprovisioning actions.

    For archival of (and reporting on) the change history, I recommend customers use something like Splunk to mine and archive the information out of the Administrative Service Windows event log rather than relying on the Change History database itself for long-term storage.

    If you don't already have Splunk (or similar), another good option is Quest's Change Auditor, which provides optimized auditing and storage of Active Directory changes.  It features integration with Active Roles too.
