Backing up Audit Data

Your organization should have an audit data maintenance policy. The policy should answer these questions:

• How often should audit data be backed up in case of a disk crash or similar malfunction (since audit data is not backed up with volume or NDS data using SBACKUP)?
• Is online audit data sufficient, or do you need to back up the audit data to offline storage for long-term access?
• How long should offline audit data be stored?
• How should offline audit data be stored? Can it be kept in server files, and be backed up with other files? Or should it be stored on a client workstation or removable media?
• Is it sufficient to back up one copy of each container audit file, or do you need to back up all copies to ensure that you have a complete audit trail? (Container audit records are copied to all servers that hold a replica of the container, but there is no guarantee that every record will be stored in all copies.)

Depending on the policies set by your organization, you might need to back up old audit files before online audit files are overwritten or deleted.