Purging or Archiving and Purging Audit Logs in Security Director
Junos Space enables you to manage the volume of audit log data stored by purging log files from the Junos Space database without archiving them or by purging log files after archiving them. You can purge audit logs before a specified date and time or audit logs that are older than a specified number of days. Audit logs can be archived locally (on any node that is in the UP state) or to a remote server.
To purge or archive and purge audit logs:
- Select Monitor > Audit Logs.
The Audit Logs page appears.
- Click the Archive/Purge button.
The Archive / Purge Audit Logs page appears.
- Specify the audit logs to be purged, or archived and purged, according to the guidelines provided in Table 1.
- Click OK.
The Audit Log Archive/Purge page appears asking you to confirm the purge, or archive and purge, operation.
- Click Yes to continue with the purge, or archive and purge, operation.
The Job Detail: Audit Log Archive/Purge page appears displaying the details of the job.
- Click OK to close the Job Details page.
You are returned to the Audit Logs page.
Table 1: Archive/Purge Audit Logs Settings
Specify either a date and time (in MM/DD/YYYY and HH:MM:SS formats) before which audit logs should be purged, or that audit logs older than a specified number of days should be purged.
Note: You specify the time in the local time zone of the client computer but the audit logs are purged according to the time zone configured on the Junos Space server.
Purge audit logs from all accessible domains
Select this check box to purge audit logs from all domains to which you have access. By default, audit logs are purged only from a domain that you accessed, so this check box is cleared.
Archive logs before purge
Select this check box to archive audit logs before they are purged. This check box is selected by default.
Caution: If you choose not to archive the audit logs before purging, the audit logs are deleted from the Junos Space database and cannot be recovered.
Specify whether audit logs are archived locally (on the active node) or on a remote server.
Enter a valid username of a user on the remote server. The username and password will be used to access the remote server.
Enter a valid password of the user on the remote server.
Reenter the password of the user on the remote server.
Remote Server IP Address
Enter the IPv4 address of the remote server.
Remote Server Directory
Enter the full path of the directory (ending with /) on the remote server where the audit logs will be archived.
Note: The directory must already exist on the remote server.
Specify whether the purge, or archive and purge, operation should be run immediately or later.
If you specify that the operation should be run later, you must specify a start date and time (in MM/DD/YYYY and HH:MM:SS 24-hour or AM/PM formats) for the purge or archive and purge operation.
Specify whether the purge, or archive and purge, operation should be done on a recurring basis.
Note: This field is enabled only when you specify (in the Purge Logs field) that audit logs that are older than a specified number of days should be purged.
Specify the periodicity of the recurrence:
Specify the period at which the purge should recur. For example, if you specified a periodicity in hours (Hourly), enter the number of hours after which the purge should recur.
Specify one or more days on which you want the purge to recur.
Specify one of the following:
Displays a summary of the recurrence.
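The time zone note in Table 1 matters because a purge without archiving cannot be undone. The following added example (not Juniper code) shows how far the cutoff can shift. It assumes the entered wall-clock value is read in the server's time zone, which is one interpretation of the note, and uses hypothetical function names, fixed UTC offsets, and constructed sample records.

```python
from datetime import datetime, timedelta, timezone

FMT = "%m/%d/%Y %H:%M:%S"  # MM/DD/YYYY and HH:MM:SS, as the Purge Logs setting expects


def cutoff_instants(entered, client_utc_offset, server_utc_offset):
    """Return (intended, applied) cutoff instants in UTC.

    intended: the entered wall-clock value read in the client's time zone.
    applied:  the same wall-clock value read in the server's time zone
              (assumed interpretation of the note, not confirmed by the page).
    """
    wall = datetime.strptime(entered, FMT)
    client_tz = timezone(timedelta(hours=client_utc_offset))
    server_tz = timezone(timedelta(hours=server_utc_offset))
    intended = wall.replace(tzinfo=client_tz).astimezone(timezone.utc)
    applied = wall.replace(tzinfo=server_tz).astimezone(timezone.utc)
    return intended, applied


def misjudged_records(records, intended, applied):
    """Find records whose fate differs between the two readings.

    records: iterable of (record_id, utc_timestamp) pairs.
    Returns (purged_unexpectedly, kept_unexpectedly) as lists of ids.
    """
    purged_unexpectedly, kept_unexpectedly = [], []
    for rec_id, ts in records:
        if intended <= ts < applied:      # operator meant to keep, server purges
            purged_unexpectedly.append(rec_id)
        elif applied <= ts < intended:    # operator meant to purge, server keeps
            kept_unexpectedly.append(rec_id)
    return purged_unexpectedly, kept_unexpectedly


# Constructed sample: audit records with UTC timestamps (not real Junos Space data).
SAMPLE = [
    ("a1", datetime(2024, 3, 1, 3, 0, tzinfo=timezone.utc)),
    ("a2", datetime(2024, 3, 1, 6, 30, tzinfo=timezone.utc)),
    ("a3", datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    # Client at UTC+5, server at UTC-8; operator enters midnight on 03/01/2024.
    intended, applied = cutoff_instants("03/01/2024 00:00:00", 5, -8)
    print("intended cutoff (UTC):", intended)
    print("applied cutoff (UTC): ", applied)
    print(misjudged_records(SAMPLE, intended, applied))
```

With the client ahead of the server, records between the two instants are purged although the operator meant to keep them; with the offsets reversed, the same records are retained longer than intended.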