000027637 - Technote: Understanding Recurring Log Archive Jobs in Authentication Manager 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027637
Applies ToRSA Product Area: Archiving activity logs.
TechNote: RSA Authentication Manager 7.1, all versions to date up to SP4
IssueTechnote: Understanding Recurring Log Archive Jobs in Authentication Manager 7.1
NotesThis document is intended to supplement the available information on setting up recurring and one-time log archive jobs in RSA Authentication Manager 7.1.

Authentication Manager 7.1 logs are stored in the internal database. The archive parameters for the logs are set in the Security Console by navigating to Administration>Log Management>Recurring Log Archive Job or One-time Log Archive Job. These settings determine when logs are purged from the internal database into a flat file and when the flat file is deleted from the AM 7.1 file system. The server comes with a default setting of purging logs to a flat file after 30 days and deleting any flat files older than 180 days.


You can set up a schedule that automatically archives log records from the RSA database on a recurring basis. During archiving, log records are either copied or deleted from the internal database and written to a flat (comma-delimited) file. By archiving, you maintain a history of all tasks performed, such as logon attempts and RSA Security Console operations. Archive jobs can run automatically on specified days, weeks, or months.


You can configure a recurring log archive job to perform the following operations. Each type of log (Administrative, Runtime and System) has its own settings but each includes these options:


****Important: Purging permanently deletes log files from the RSA internal database. If you want to prevent important data from being lost, export logs to an archive flat file before purging.


Log Archival Options.

1. Export and Purge.      Exports log records from the database to the archive (flat file) and then

                                    purges them from the database.

2. Export.                      Exports log records from the database to the archive (flat file). Records

                                    remain in the database.

3. Purge Only.               Deletes log records from the database.

4. None.                        No action taken. This option cancels all future occurrences of the log

                                    archive job for a particular log type.


Export Directory.           Enter the full path where you want to store the flat files exported from the RSA database, for example c:\RSA_logs. By default this may show as . (period) , this puts it into the (rsahome)/server directory.


Days Kept Online.         Enter how long to keep logs online in the database. Logs are either exported to the archive, purged, or both after this many days. The system subtracts the Days Kept Online value from the current time and rounds the result to the nearest 00:00:00 according to Coordinated Universal Time (UTC). Log data is kept online until that time. Therefore, depending on your time zone, log data may be kept one day longer than the value you specify, or log data may be purged 1 day before this

                                    value is reached.


Days Stored Offline.       Enter how long to keep logs in the archive. The log is deleted after this many days. The longer you store logs offline, the more disk space is used. Logs for each day are archived to a file that is named for that day. Log entries on that day between UTC times 00:00:00 a.m. and 11:59:59 p.m. are archived to the file for that day. If the number of files exceeds the Days Kept Offline value, older files are purged.


The default configuration for the recurring log archive job is:


Log Archive Options: Purge and Export

Export Directory: . (this saves to the <rsa_install>\server directory)

Days Kept Online: 30

Days Kept Offline: 180

Legacy Article IDa54324