MVP

access tracker retention?

What setting decides how long Access Tracker data is available?

I've set the "Cleanup interval for Session log details in the database" inside the Cluster-wide parameters to 0 (zero) but still I cannot access Access Tracker events from as little as a month back.

What am I missing here?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: access tracker retention?

It's 7 days. If you need beyond 7, you should use an external logging
solution like Splunk.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP

Re: access tracker retention?

Then what does that "Cleanup interval for Session log details in the database" do?

The manual says the following:

Specify the duration in number of days to keep the following data in the Policy Manager DB:
- session logs (found on Access Tracker page)
- event logs (found on Event Viewer page)
- machine authentication cache
The default value is 7 days.

It accepts values from 0 to 15.

Koen (ACMX #351 | ACDX #547 | ACCP)

Guru Elite

Re: access tracker retention?

You can use that, but the recommended is 7 days based on disk space
requirements.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP

Re: access tracker retention?

OK fine, but I've set that value to zero thinking it would save stuff until either I reset it or the disk runs out.

Apparently it's neither so I'd like to know what setting it to zero actually does and if it still doesn't reach a month, then what are the numbers behind it?

Not talking about a highly loaded CPPM here so I think a month isn't all that unobtainable in this case.

Koen (ACMX #351 | ACDX #547 | ACCP)

Occasional Contributor I

Re: access tracker retention?

Hi all,

My apologies if it's the proper way to this message but I'm currently meeting issues to submit a new case in the community...

To come back on this topic, is there another way to delete Access tracker logs except from the retention feature? Something like a button or command "Clear Access Tracker logs dB"?

If yes, would it also be possible for Accounting, Event Viewer, Audit Viewer etc...?

Thank you.

Best regards,

Simon
