Sometimes the speed of processing SQL Server audit logs using LOGbinder is not as fast as one would like. This is a known issue, which is often caused by some factors that can be fine tuned and hence significantly improve processing speed.

LOGbinder for SQL Server depends on a SQL Server installation to read and process the audit logs. It has been noticed, that the more data is in the audit logs folder, the slower results are received from SQL Server when LOGbinder requests them. So, to speed up processing, we need to cut down on the amount of data in the audit log folder.

There are a few ways to do so:

• In the audit settings on the SQL Server that is producing the audit data, set the Audit File Maximum Limit / Maximum file size property. For example, if this is set to 100MB, then after the file size reaches 100MB, a new file will be started by the SQL Server. This enables already processed files to be removed from the audit data folder.
  (See https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/create-a-server-audit-and-server-audit-specification)
• In LOGbinder for SQL Server options, you can set LOGbinder to Purge audit files after processing. This will cut down on the amount of data in the audit data folder by removing files that have been processed by LOGbinder. You have the choice of either to move the processed files into a folder (named Processed), or to delete the processed audit files.
  (See under Configure Options subheading in 2.2. Configuring LOGbinder for SQL Server)

With the above two options set, you can reduce the amount of data in the audit files folder, which should speed up processing the audit data.