16.2 Understanding Log Archives

DRA logs user activity data in log archives on the Administration server. DRA creates daily log archive partitions to store data collected and normalized that day. DRA uses the date in local time on the Administration server (YYYYMMDD) as the naming convention for daily log archive partitions.

If you have enabled the Management Reports Collector, DRA exports log archive data to a SQL Server database as the source for DRA Management reports.

By default, DRA retains log data in the log archive indefinitely. The log archive can grow to a maximum size that is determined at installation time based on available hard drive space. When the log archive exceeds this maximum size, no new audit events are stored. You can set a time limit for data retention, and DRA removes the oldest data to make room for newer data through a process called grooming. Ensure you have a backup strategy in place before you enable grooming. You can configure the log archive retention period using the Log Archive Configuration utility. For more information, see Modifying Log Archive Grooming Settings.

16.2.1 Using the Log Archive Viewer Utility

You use the Log Archive Viewer utility to view data stored in log archive files. The NetIQ DRA Log Archive Resource Kit (LARK), which you can choose to install with DRA, provides the Log Archive Viewer utility. For more information, see the NetIQ DRA Log Archive Resource Kit Technical Reference.

16.2.2 Backing up Log Archive Files

A log archive file is a collection of record blocks. Because log archive files are compressed binary files that are located outside of a physical database, you do not need to use Microsoft SQL Server Management Studio to back up log archives. If you have an automated file backup system in place, your log archive files are backed up automatically like any other file.

Keep in mind the following best practices when planning your backup strategy:

  • A single partition is created each day that contains event data for that day. When you enable grooming, the Log Archive Service grooms the data from these partitions automatically every 90 days by default. The backup strategy should take the grooming schedule into account when determining the frequency of the backups. When the log archive partitions are groomed, DRA deletes the binary files. Groomed data cannot be retrieved; it can only be restored from a backup. For more information, see Modifying Log Archive Grooming Settings.

  • You should only back up partitions after they have been closed. Under normal conditions, a partition is closed within 2 hours after midnight of the following day.

  • Back up and restore partition folders and all their subfolders as a unit. Back up the VolumeInfo.xml file as part of the partition backup.

  • If you want to restore log archive partitions for reports, ensure backed up log archives retain or can be restored to their original format.

  • When configuring your process for backing up log archive files, NetIQ recommends you exclude both the index_data and CubeExport subfolders located in the main log archive folder. These subfolders contain temporary data and should not be backed up.
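The following PowerShell script is an added example (not NetIQ's code) that applies the practices above: it copies only closed YYYYMMDD partitions as whole folders, skips the index_data and CubeExport subfolders, keeps VolumeInfo.xml with the backup, and verifies each copy. It assumes the default log archive path from this page; the backup destination and the location of VolumeInfo.xml in the archive root are assumptions.

```powershell
# Added example, not NetIQ's code: back up only closed DRA log archive partitions.
# Assumptions: the default archive path from this page, a placeholder $BackupRoot,
# and VolumeInfo.xml living in the archive root. robocopy is used because it copies
# a partition folder as a unit and leaves file attributes (including "ready for
# archiving") untouched unless /M or /A-: is given.
param(
    [string]$LogArchiveRoot = 'C:\ProgramData\NetIQ\DRA\NetIQLogArchiveData',
    [string]$BackupRoot     = '\\backupserver\DRA\LogArchive'   # placeholder destination
)

$now = Get-Date
# Daily partitions are named YYYYMMDD (server local date). The pattern also skips the
# index_data and CubeExport subfolders, which hold temporary data and are never backed up.
$partitions = Get-ChildItem -Path $LogArchiveRoot -Directory |
    Where-Object { $_.Name -match '^\d{8}$' }

foreach ($p in $partitions) {
    $day = [datetime]::ParseExact($p.Name, 'yyyyMMdd', [Globalization.CultureInfo]::InvariantCulture)
    # A partition is closed within 2 hours after midnight of the following day; skip newer ones.
    if ($day.AddDays(1).AddHours(2) -gt $now) {
        Write-Verbose "Skipping $($p.Name): partition may still be open"
        continue
    }
    $dest = Join-Path $BackupRoot $p.Name
    if (Test-Path $dest) { continue }   # closed partitions never change, so copy each once

    # /E copies every subfolder as a unit; /COPY:DAT keeps data, attributes and timestamps,
    # so the archive stays in its original format and can be restored for reports.
    & robocopy.exe $p.FullName $dest /E /COPY:DAT /R:2 /W:5 /NP /NFL /NDL | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed for $($p.Name) (exit $LASTEXITCODE)" }

    # Verify the copy: the file count must match the source partition.
    $srcCount = (Get-ChildItem -Path $p.FullName -Recurse -File).Count
    $dstCount = (Get-ChildItem -Path $dest -Recurse -File).Count
    if ($srcCount -ne $dstCount) { throw "File count mismatch for $($p.Name): $srcCount vs $dstCount" }
    Write-Output "Backed up partition $($p.Name) ($srcCount files)"
}

# VolumeInfo.xml belongs with the partition backup (assumed location: archive root).
$volumeInfo = Join-Path $LogArchiveRoot 'VolumeInfo.xml'
if (Test-Path $volumeInfo) { Copy-Item -Path $volumeInfo -Destination $BackupRoot -Force }
```

Schedule it to run after 02:00 so the previous day's partition has had time to close, and run it more often than your grooming interval so no partition is groomed before it has been copied.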

16.2.3 Modifying Log Archive Grooming Settings

When you install DRA, log archive grooming is disabled by default. When you establish regular backup procedures for your log archive files, you should enable log archive grooming to conserve disk space. You modify the number of days before log archive partitions are groomed using the Log Archive Configuration utility.

To change the number of days before log archive partitions are groomed:

  1. Log on to the Administration server using an account that is a member of the Local Administrators group.

  2. Start Log Archive Configuration in the NetIQ Administration program group.

  3. Click Log Archive Server Settings.

  4. If you want to enable partition grooming, set the value of the Partition Grooming Enabled field to True.

  5. Type the number of days you want to retain log archive partitions before grooming in the Number of Days before Grooming field.

  6. Click Apply.

  7. Click Yes.

  8. Click Close.

  9. Locate the path to the NetIQLogArchiveData\<Partition Name> folder, typically: C:\ProgramData\NetIQ\DRA\NetIQLogArchiveData

    If the “File is ready for archiving” attribute on the files or folders within the specified partitions is not checked (in the file or folder properties), you must edit the CONFIG file to enable log archive grooming. To understand why this attribute might or might not be checked, see the Additional Information section in the Knowledgebase article How do you configure the data retention period for DRA Logarchival Data?.

    If the attribute is checked: Click Yes on the confirmation message to restart the NetIQ Security Manager Log Archive service.

    NOTE: If you modify any log archive setting, you must restart the Log Archive service for the change to take effect.

    If the attribute is not checked: Click No on the confirmation message. See .

To enable the DRA Log Archive Server to groom unarchived data:

  1. Log on locally to the Windows console of each DRA server as a member of the local Administrators group.

  2. Use a text editor to open the C:\ProgramData\NetIQ\Directory Resource Administrator\LogArchiveConfiguration.config file and locate the <Property name="GroomUnarchivedData" value="false" /> line.

  3. Change "false" to "true" and save the file.

  4. Restart the NetIQ DRA LogArchive Service.

    NOTE: If you modify any log archive setting, you must restart the Log Archive service for the change to take effect.
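The steps above can be carried out from an elevated PowerShell session on each DRA server. The script below is an added example (not NetIQ's code): it takes a backup of the configuration file, changes the exact property line shown in step 2 only if it occurs exactly once, and restarts the service. The configuration path and property line come from this page; the service display name is an assumption and should be confirmed with Get-Service before use.

```powershell
# Added example, not NetIQ's code: enable GroomUnarchivedData in the DRA log archive
# configuration and restart the Log Archive service so the change takes effect.
# Assumptions: config path and property line as shown on this page; the service
# display name below is assumed and must be verified locally with Get-Service.
param(
    [string]$ConfigPath = 'C:\ProgramData\NetIQ\Directory Resource Administrator\LogArchiveConfiguration.config',
    [string]$ServiceDisplayName = 'NetIQ DRA LogArchive Service'   # assumption: verify with Get-Service
)

# The file lives under ProgramData and the restart needs it, so require an elevated session.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session (local Administrators group).'
}

# Keep a timestamped copy so the change can be reverted and audited.
$backup = "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -Path $ConfigPath -Destination $backup -Force

$content  = [IO.File]::ReadAllText($ConfigPath)
$oldLine  = '<Property name="GroomUnarchivedData" value="false" />'
$newLine  = '<Property name="GroomUnarchivedData" value="true" />'
$hitCount = [regex]::Matches($content, [regex]::Escape($oldLine)).Count

if ($hitCount -eq 0) {
    if ($content.Contains($newLine)) {
        Write-Output 'GroomUnarchivedData is already true; nothing to change.'
    } else {
        throw "Expected property line not found in $ConfigPath; edit the file manually."
    }
} elseif ($hitCount -gt 1) {
    throw "Found $hitCount GroomUnarchivedData lines in $ConfigPath; refusing to guess which to change."
} else {
    # Plain string replacement keeps the rest of the file byte-for-byte as it was.
    [IO.File]::WriteAllText($ConfigPath, $content.Replace($oldLine, $newLine))
    Write-Output "Set GroomUnarchivedData=true (backup at $backup)"
}

# Any log archive setting change only takes effect after the service restarts.
$svc = Get-Service -DisplayName $ServiceDisplayName -ErrorAction Stop
Restart-Service -InputObject $svc -Force
$svc.Refresh()
if ($svc.Status -ne 'Running') { throw "$ServiceDisplayName did not return to Running (status: $($svc.Status))." }
Write-Output "$ServiceDisplayName restarted."
```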