|Applies To||RSA Authentication Manager Administration Toolkit|
UNIX (AIX, HP-UX, Solaris, Linux)
|Issue||How to keep the most recent RSA Authentication Manager logs and delete logs prior to certain number of days|
Automated log maintenance in RSA Authentication Manager does not offer the option to choose number of days to keep the records. The administrator does not wish to delete the records before a date, as this requires human intervention each time the records need to be deleted. The administrator wishes to delete the records that are older than a certain number of days (e.g. older than 15 days).
|Resolution||This can be automated by using the RSA Authentication Manager Admin Toolkit. The log database can be trimmed using ATK function Sd_DumpHistory:|
Sd_ApiInit "" "" 1
set line 0
# delete log events that are over 15 days old, don't save, use blocks of 1000
set line [Sd_DumpHistory 1 1 1997 15 -f "" -b 1000 -t]
Note that the first 3 parameters (month day year) are ignored if the 4th parameter (days) is greater than 0; still, this needs to meet sanity checking. For example, the year field needs to be 4 digits. Also note that the ?f parameter can dump the affected log entries to a file. The above ?f ?? throws them away (the file name after ?f is not specified, so the records will be deleted).
Finally, the number of days does not appear to count the current day. When running this on a test system, log events are retained from 5/31/06 and up. So it appears that it does not count today (the 15th), so the tester went back the 14 previous days of June plus the 31st of May.
NOTE: The above can also be implemented as a chron job
|Legacy Article ID||a30914|