IBM Support

How do I purge off some old audit results from my Guardium Appliance.

Question & Answer


Question

My database is full and I want to purge off some old audit results from my Guardium Appliance.

Cause

Normal purging of audit results is set in the audit process definition by the "keep for a minimum of x days or y runs" option.
Normal purging of audit results will not occur if to-do lists have not been actioned /signed off.
As an example, if there is a to-do list from say 6 months ago then, no audit results since 6 months ago will be purged.

Answer

It is important that users action their to-do lists in a timely fashion - so as to allow purging to work and keep the DB from filling up.
Adding a Receiver is not mandatory while creating a new Audit Process. An Audit Process (AP) without a receiver can be used when results of the AP are sent to the third party application and there is no need to view/sign the AP results.

If you still want to add a receiver and not require to view/sign the AP results, the To-Do List Check box can be unchecked but in this case the Email Notification field should be set to Full Results (PDF or CSV). In this case the status gets set to VIEWED and the receiver will not have to actually view the results in order to make them eligible for purge.

In the case where the To-Do List Check box is unchecked but the Email Notification field is set to None or Link, the To-Do entry will be created for the receiver as these types of notifications do not set the status to VIEWED and there is no way to purge the results.

The Internal Guardium table REPORT_RESULT_DATA_ROW table is common for getting large if the audit jobs /to-do lists are not actioned or signed off.


Manual purge command
  • support clean DAM_data audit_results <start_date> <end_date> OR
    support clean DAM_data audit_results <end_date>

    • This command is a way to manually purge audit results. Only if the normal audit results purge is not working. It is recommended to contact technical support to understand why normal purge is not working.
    • This command should be used only when absolutely necessary to deal with audit tasks that produce a high number of records and take up too much disk space. It is strongly advised to consult with Technical Support before running this command. A warning message is presented and a confirmation step is needed when running this command.

Further information on To-do lists can be found in the knowledge center.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z0000000AqmAAE","label":"AUDIT"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
24 November 2020

UID

swg21641946