000025300 - How to keep the most recent RSA Authentication Manager logs and delete logs older than a certain number of days

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025300
Applies To: RSA Authentication Manager Administration Toolkit
UNIX (AIX, HP-UX, Solaris, Linux)
Issue: How to keep the most recent RSA Authentication Manager logs and delete logs older than a certain number of days
Automated log maintenance in RSA Authentication Manager does not offer an option to choose the number of days for which records are kept. The administrator does not want to delete records before a fixed date, because that requires human intervention each time records need to be deleted. Instead, the administrator wants to delete the records that are older than a certain number of days (e.g. older than 15 days).
Resolution: This can be automated by using the RSA Authentication Manager Admin Toolkit (ATK). The log database can be trimmed using the ATK function Sd_DumpHistory:


Sd_ApiInit "" "" 1

set line 0
# delete log events that are over 15 days old, don't save, use blocks of 1000
set line [Sd_DumpHistory 1 1 1997 15 -f "" -b 1000 -t]
puts $line


Note that the first 3 parameters (month day year) are ignored if the 4th parameter (days) is greater than 0; they must still pass sanity checking. For example, the year field needs to be 4 digits. Also note that the -f parameter can dump the affected log entries to a file. The -f "" above throws them away (no file name is specified after -f, so the records are deleted without being saved).

Finally, the number of days does not appear to count the current day. When this was run on a test system, log events from 5/31/06 onward were retained. It appears that the count does not include today (the 15th): it went back over the 14 previous days of June plus the 31st of May.

NOTE: The above can also be implemented as a cron job.
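
An added example (not part of the RSA article or the toolkit): a cron wrapper for the script above that writes a record of every trim run, including the oldest date expected to remain according to the day-count behaviour observed in the test above. ATK_TCL, TRIM_SCRIPT, TRIM_LOG and the crontab path are placeholders, and oldest_retained and run_trim are hypothetical helper names.

```shell
#!/bin/sh
# Added example: cron wrapper for the Sd_DumpHistory script shown above.
# ATK_TCL, TRIM_SCRIPT and TRIM_LOG are placeholders, not product paths.
ATK_TCL=${ATK_TCL:-/path/to/atk-tcl-interpreter}
TRIM_SCRIPT=${TRIM_SCRIPT:-/path/to/trim_history.tcl}
TRIM_LOG=${TRIM_LOG:-/path/to/trim_history.log}
RETAIN_DAYS=15   # must match the 4th argument of Sd_DumpHistory in the script

# oldest_retained YEAR MONTH DAY DAYS
# Prints M/D/YYYY of the oldest day whose events remain, per the article's
# observation that the run day itself is not counted (6/15 with 15 -> 5/31).
oldest_retained() {
    y=$1 m=${2#0} d=${3#0} n=$4    # strip leading zeros (08 is invalid octal)
    # Civil date -> serial day number, with the year starting on 1 March.
    y=$((y - (m <= 2)))
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1 ))
    z=$((era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - n))
    # Serial day number -> civil date.
    era=$((z / 146097)); doe=$((z - era * 146097))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$((doe - (365 * yoe + yoe / 4 - yoe / 100)))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$((doy - (153 * mp + 2) / 5 + 1))
    m=$((mp < 10 ? mp + 3 : mp - 9))
    y=$((yoe + era * 400 + (m <= 2)))
    echo "$m/$d/$y"
}

# run_trim: log the expected cutoff, run the trim, record its exit status.
run_trim() {
    today=$(date '+%Y %m %d')
    keep_from=$(oldest_retained $today "$RETAIN_DAYS")   # $today splits into Y M D
    {
        echo "$(date '+%Y-%m-%d %H:%M:%S') trim start, keep events from $keep_from"
        "$ATK_TCL" "$TRIM_SCRIPT"; rc=$?
        echo "$(date '+%Y-%m-%d %H:%M:%S') trim exit status $rc"
    } >>"$TRIM_LOG" 2>&1
    return "$rc"
}

# Example crontab entry (path is a placeholder), daily at 02:30:
#   30 2 * * * /path/to/trim_wrapper.sh --run
if [ "${1:-}" = "--run" ]; then
    run_trim
fi
```
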
Legacy Article ID: a30914