High Availability for Audit Trails

Audit logs are only valuable when they're complete. A gap in your audit trail—even minutes—can mean missing evidence of a breach, failing a compliance audit, or losing visibility into critical database activity. DataSunrise 11.3 introduces High Availability (HA) for database trail collection, ensuring continuous audit processing even when infrastructure failures occur.

The Problem with Audit Gaps

Traditional database activity monitoring relies on a single collector capturing query traffic. When that collector fails—whether from hardware issues, network problems, or maintenance events—audit logging stops. The result:

• Compliance violations: Regulations like PCI DSS, HIPAA, and SOX require continuous audit trails
• Security blind spots: Attackers may exploit monitoring outages to execute unauthorized queries
• Forensic limitations: Incident investigations can't reconstruct activity during collection gaps
• Audit failures: External auditors flag incomplete logs as control deficiencies

For organizations where database audit is a regulatory requirement, any interruption creates risk.

How Trail HA Works

New in DataSunrise 11.3, when HA is enabled, only one trail instance per database interface is active at any time across a DataSunrise cluster. The system provides:

• Automatic Leader Election: When multiple trails are configured for the same database interface across a cluster, HA ensures only one trail actively processes audit events
• Automatic Failover: If the active trail fails or becomes unresponsive, standby trails automatically detect the failure and elect a new leader
• Progress Preservation: Trail processing progress (last processed record, file position) is stored in the dictionary database and shared across all trail instances
• No Data Loss: Failover occurs without losing audit events, as standby trails resume from the last known position

Heartbeat and Failover Mechanism

The active leader trail sends periodic heartbeat updates to the dictionary database. Standby trails monitor these heartbeats and detect failures based on configurable timing parameters:

When a leader failure is detected, all standby trails compete to become the new leader. Database-level locking ensures only one succeeds, and processing resumes from the last known position.

Zero Manual Intervention

Trail HA operates autonomously:

• Health monitoring: Nodes continuously verify cluster member status
• Automatic recovery: Failed nodes rejoin the election pool when restored
• State synchronization: Cluster configuration remains consistent across members

Operations teams can trust that audit collection continues regardless of individual node availability. State changes are logged in Event Monitor → System Events for awareness.

Prerequisites

Trail HA requires:

• DataSunrise cluster with multiple servers
• Non-SQLite dictionary database (PostgreSQL, MySQL, MS SQL, or Oracle)
• Multiple trail instances configured for the same database interface across different cluster servers

Note: HA is not supported with SQLite as the dictionary database, as SQLite doesn't provide the row-level locking required for leader election.

Enabling Trail HA

1. Navigate to System Settings → Additional Parameters
2. Set TrailHAEnabled to Enabled
3. Configure timing parameters based on your network latency and requirements
4. Create trail instances on multiple servers for the same database interface
5. Enable trails on all servers

When TrailHAEnabled is turned on, only one trail will actively process events while others remain in standby mode.

Best Practices

• Set TrailHAHeartbeatTimeout to at least 2-3 times the TrailHAHeartbeatInterval to account for network delays
• Use a production-grade database (PostgreSQL, MySQL, MS SQL, Oracle) for the dictionary
• Ensure all cluster servers have synchronized clocks using NTP
• Test failover behavior in non-production environments before deployment

Meeting Compliance Requirements

Regulatory frameworks expect audit controls to operate continuously. Trail HA directly addresses these requirements for PCI DSS, HIPAA, SOX, and GDPR compliance—auditors can verify that audit collection remains operational even during infrastructure failures.

High Availability for Audit Trails is available now in DataSunrise 11.3. For organizations running DataSunrise clusters, your compliance posture remains intact regardless of individual node failures.