Log Consolidation

Applies To: Windows Server 2008, Windows Server 2008 R2

While log trimming is considered a useful practice, in many environments, old information from the logs is necessary for trend estimation, discovery or other uses. As such, conserving some data that is relevant in the long term is desirable.

In order to do this, you can create scripts to identify fields that might be of long-term use and to send these fields to a centralized aggregation database. At the same time, these scripts can potentially perform record consolidation, compression, de-normalization and transformation of the data, if desired.

A single aggregation server can receive the old data from several AD RMS certification or licensing clusters, centralizing the historical data in a single server for reduced cost and easier exploitation of the information. Reports that evaluate long-term trends can then be developed that use the aggregated data in the consolidation database. An additional benefit is that higher performance results when you run reports on a secondary server, rather than with detailed information kept in the live databases. In general, reporting based on the consolidated database is recommended, as the smaller size and potentially simpler database schema leads to easier report construction and faster performance. In this case, it is required that you build the consolidated database with all the records in the source logging databases, rather than with only the old data.

Information on the AD RMS logging database schema and contents is provided in the AD RMS Logging Database Tables section.

A sample of a script that performs logging database consolidation for AD RMS is included in the AD RMS Log Consolidation Sample.