Keep the following recommendations in mind as you prepare to implement auditing:
Consider the application databases as short-term storage for audit data.
Do not enable full audit indexes on short-term storage (apart from the databases used for reporting).
Use a separate, Type II storage area for audit data and another separate, Type II area for audit indexes, and archive the audit data frequently.
Use a designated database for long-term audit archiving and reporting, and make it more secure than the production database, which provides access to many users.
Audit only what is absolutely necessary to save space and improve performance.
Plan for reporting by grouping event IDs into ranges, structuring audit context field values consistently, and leveraging audit event groups.
Tune your short-term auditing database for high performance in a high-traffic scenario.
Tune your long-term storage for great size and reporting capabilities.
Consider the application databases as short-term storage for audit data.