Audit and Monitoring

Centrify DirectAudit SDK

Centrify DirectAudit collects audit data from computers running Windows and Linux and saves the data to the active SQL database in an audit store.

590

Typically, an Administrator manages the databases in the audit store by performing the following routine:

  1. Create and attach a new database.
  2. Rotate the new database into the active role.
  3. Keep previously-active databases in the audit store, so they remain available to Auditors.
  4. Detach databases when auditors no longer need them.

As databases become larger, they get harder to manage and take longer to search. Therefore, it is important to change the active database regularly without interrupting the collection of data (aka "rolling" or "rotating" the database).

Audit store databases have the following characteristics:

  • They can be attached (available for queries and playback) or detached.
  • An audit store can have only active database — that is, only one database currently receiving audit data from collectors.
  • If you rotate databases during a session and leave the retired database attached to the audit store, the auditor console displays it as a single session.
  • A database cannot be detached while it is the active database.
  • A retired previously-active database cannot be made active again.

To manage the databases directly, you can use the DirectAudit administration console. Alternatively, to automate those management tasks, periodically run scripts that use the API to rotate, attach, and detach databases. The DirectAudit software development kit (SDK) provides four sample scripts you can modify to suit your purposes: Two VBScript samples and two PowerShell samples. One pair of sample scripts, db_rotation, use default SQL database settings. The second pair of scripts, db_rotation_sql_script, let you customize the SQL database scripts to set up the database and the server.

How to Get the Centrify DirectAudit SDK

If you are a Centrify customer with Centrify Support entitlement, you can download the Centrify DirectAudit SDK here.

For OEM Opportunities with Centrify

Centrify has enabled manufacturers of storage systems, network devices and other IT infrastructure components to "Active Directory enable" their solutions to strengthen security and enhance manageability for their customers. If you would like to distribute commercial applications or systems that are improved by DirectManage SDKs, please fill out this form to become an Alliance Partner.

SDK Support

To get support for the Centrify DirectAudit SDK, click here to learn more about our support plans.