Database activity auditing records all actions affecting the archive databases and stores the data in a SQL Server in the database MArcAudit. Follow the steps below to turn on database auditing.
- Auditing was never enabled before and you want to enable it for the first time.
- Auditing is supposed to be enabled but the auditing database [MArcAudit] is not found in the SQL Server. The configuration file [...GFI\Archiver\Core\Data\MArcSettings.xml] shows that Auditing is not enabled.
- From the Configuration tab, click Auditing.
- Click Configure.
- Enter the Server name in the text box and choose the Authentication method to use to connect to the SQL Server®.
Option Description Integrated Windows Authentication
Uses the currently logged on user to connect to SQL Server.
Microsoft SQL Server Authentication
Uses the credentials you enter the Login Name and Password: fields to connect to SQL Server. These will be used by GFI Archiver to read/write from the auditing database.
- Click Next to continue.
Note: The account specified must have sysadmin or database owner privileges.
- To create a new database within the previously selected SQL Server, choose New Auditing Database and provide a name in the text box. To use an existing database, choose the option Select an Existing: auditing database from the displayed list of databases. Click Next to continue.
- Specify whether to enable tracing on GFI Archiver archive stores. Choose Enable trace on Archive Stores to log database activity data and specify the path on the SQL Server machine where the trace files will be stored. Click Next to continue.
Note: Ensure that the location specified is accessible using the user account under which the SQL Server service is running. Lock down the location where you store the SQL Server trace files through NTFS permissions so that only the SQL Server Service can access the location. This, together with the exclusive lock held by the SQL Server service, ensures that the data in the trace files cannot be tampered with.
- Specify whether to enable user interaction auditing. This will record all the activity of the GFI Archiver user interface by users. To enable, choose Enable user interaction auditing. Click Next to continue.
- Review the Auditing Database setup summary and click Finish to finalize setup.
Allow the system to continue Archiving mail as normal, with users accessing mail for a short period after enabling this feature. After giving time for the trace data to be populated, proceed to run an Audit Report as shown in the Related Articles below.