Completed Reports Deletion
Does anyone know how long Completed Reports stay on the AM server before they are automatically deleted? I know they will eventually go away but I can't find any documentation around how long that is and is the time frame customizable.
- Auth Manager
- Authentication Manager
- Community Thread
- days kept offline
- days stored offline
- Forum Thread
- log archival
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
From the Security Console, select Administration > Archive Audit Logs > Schedule Log Archival. From here you can view the currently defined values for how many days your administraion logs, runtime logs and system logs are kept online and how many days they are stored offline.
You will see that the time frames are customizable from this page.
If you n eed additional information, click Help on this page > Archive Logs Using Schedule Log Archival to get more information on scheduling log archival.
We log administrative, runtime and system events and store them in /opt/rsa/am/Log_archive, so your completed reports can be built on any of these options. It depends on what report templates you have used.
From page 249 of the RSA Authentication Manager 8.2 Administrator's Guide:
Authentication Manager maintains the following types of logs:
- Administrative Audit. Log messages that record administrative actions, such as adding and editing users. This category does not include system level failures of administrative actions. Those messages are captured in the system log.
- Runtime Audit. Log messages that record any runtime activity, such as authentication and authorization of users.
- System. System level messages, such as “Server started” and “Connection Manager lost db connection.” This category includes system level failures of administrative actions.
Ok. Just to make sure I got it. The log retention settings for the type of data used in the report dictate how long the completed report remains available. For instance: If I run an administrative activity report and our log retention for the administrative data is 30 days. Then the completed report would sit there for 30 days. Is that correct?
That being said, note that there are two dates of which you should be aware of when configuring log archival. The days kept online and the days stored offline.
Days kept online. This value is the number of days that you want to keep logs in the internal database. When a log expires, the system purges the log from the database, and exports the log to the export archive if recurring log archive jobs are configured for export.
Days stored offline. This value is the number of days that you want to keep logs in the export archive. When a log expires, the system deletes it from the export archive and it is removed from the system.
Be sure you configure these values so you don't accidentally roll data off your system too quickly.