Purging Audit Logs (After Archiving or Without Archiving)

You can manage the volume of audit log data stored by purging log files from the CSO database without archiving them or by purging log files after archiving them. You can purge audit logs immediately or schedule the purging for a later date and schedule the purging on a recurring basis.

Procedure

To purge audit logs after archiving or without archiving them:

  1. Select Administration > Audit Logs.

    The Audit Logs page appears displaying the audit logs.

  2. Click Purge.

    The Purge Audit Logs page appears.

  3. Complete the configuration according to the guidelines provided in Table 272.

    Note Fields marked with an asterisk (*) are mandatory.

  4. Click OK.

    You are returned to the Audit Logs page and one of the following operations occur:

    After the audit logs are purged successfully, the Audit Logs page refreshes automatically and displays only the audit logs that were not purged.

Table 272: Purge Audit Logs Settings

 

Field

Description

Purge Options

 

Purge Logs

Select one of the following options to purge audit logs:

  • Purge audit logs that were generated before a specified date and time—If you select this option, you must enter a date and time in the Before field.

  • Purge generated audit logs that are older than a specified number of days—If you select this option, you must specify the number of days in the Older than field.

Before

To purge audit logs before a specified date and time, enter the date (in MM/DD/YYYY format) and time (in HH:MM:SS 24-hour or AM/PM format)

You specify the time in the local time zone of the client computer.

Older than

To purge generated audit logs older than a specified number of days, enter the number of days (from 1 through 90)

Archive Logs Before Purging

To archive audit logs before purging them, select this check box. By default, this check box is cleared, which means that audit logs are purged without archiving them.

Caution: If you choose not to archive the audit logs before purging, the audit logs are deleted from the CSO database and cannot be recovered.

Archive Mode

Specify whether you want to archive the log files locally (local) or on a remote server (remote).

If you archive the logs on a remote server, which is the default option, you must enter access and login details for the remote server.

Note:

  • Archived log files are saved in a single file in compressed comma-separated values (CSV) format (extension .zip).

  • When you archive data locally, the archived log files are saved on the central microservices virtual machine (VM).

Username

Enter a valid username to access the remote server.

Password

Enter a valid password to access the remote server on which the audit logs will be archived.

Confirm Password

For confirmation, re-enter the password to access the remote server.

Remote Server IP Address

Enter the IPv4 address of the remote server; for example, 192.0.2.10.

Remote Server Path

Enter the directory path on the remote server on which to store the archived log files. The directory that you specify must already exist on the remote server.

Schedule Purge

 

Type

Specify whether the audit logs should be purged immediately (Run now) or schedule the purge for later (Schedule at a later time).

If you schedule the purge for later, enter the date (in MM/DD/YYYY format) and time (in HH:MM:SS 24-hour or AM/PM format) that you want the purge to occur.

You specify the time in the local time zone of the client computer.

Recurrence

To specify whether the purge operation should occur on a recurring basis, select this check box.

Note: This option is enabled only if you choose to archive and purge audit logs older than a specified number of days.

Repeat

Specify the periodicity of the recurrence. Currently, a weekly periodicity is the only option supported.

On

For purges that recur every week, specify one or more days on which you want the purge to recur.

Time

Enter the time (in HH:MM:SS 24-hour or AM/PM format) that you want the recurring purge to occur. By default, the purge recurs at 12.00 AM.

You specify the time in the local time zone of the client computer.

Ends

Specify whether the recurring purge ends or not:

  • Select Never to continue (without an end date) the recurring purge operation at the specified recurrence interval.

  • Select On and enter the date (in MM/DD/YYYY format) and time (in HH:MM:SS 24-hour or AM/PM format) on which to stop the recurring purge operation.

    You specify the time in the local time zone of the client computer.