Security

Reply
MVP
Posts: 702
Registered: ‎03-25-2009

access tracker retention?

What setting decides how long Access Tracker data is available?

I've set the "Cleanup interval for Session log details in the database" inside the Cluster-wide parameters to 0 (zero) but still I cannot  access access tracker events from as little as a month back.

 

What am I missing here?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: access tracker retention?

It's 7 days. If you need beyond 7, you should use an external logging
solution like Splunk.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 702
Registered: ‎03-25-2009

Re: access tracker retention?

Then what does that "Cleanup interval for Session log details in the database" do?

The manual says the following:

 

Specify the duration in number of days to keep the following data in the Policy Manager DB:
l session logs (found on Access Tracker page)
l event logs (found on Event Viewer page)
l machine authentication cache
The default value is 7 days.

 

It accepts values from 0 to 15.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: access tracker retention?

You can use that, but the recommended is 7 days based on disk space
requirements.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 702
Registered: ‎03-25-2009

Re: access tracker retention?

OK fine, but I've set that value to zero thinking it would save stuff untill either I reset it or the disk runs out.

Apparently it's neither so I'd like to know what setting it to zero actualy does and if it still doesn't reach a month, then what are the number behind it?

 

Not talking about a highly loaded cppm here so I think a month isn't all that unobtainable in this case.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor I
Posts: 6
Registered: ‎09-20-2016

Re: access tracker retention?

Hi all,

 

My apologies if it's the proper way to this message but I'm currently meeting issues to submit a new case in the community...

 

To come back on this topic, is there another way to delete Access tracker logs except from the retention feature ? Something like a button or command "Clear Access Tracker logs dB" ? 

If yes, would it also be possible for Accounting, Event Viewer, Audit Viewer etc ... ?

 

Thank you.

 

Best regards,

 

Simon

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: