AuditPurge

Why Is This Important?

AuditPurge allows you to set an appropriate retention period for your audit log data without retaining all audit log data ever recorded. Check with your IT department or institutional policies to ensure that your AuditPurge limit complies with policy for security or reporting purposes.

AuditPurge is a position-independent config.txt directive that specifies how many days of auditing files should be retained. All audit files older than the specified number of days are automatically deleted from the server. Audit files are purged each day when the first audit event occurs after midnight.

If no AuditPurge appears in config.txt, all audit files are retained.

AuditPurge should be followed the number of days worth of audit files to retain, and will look as follows:

AuditPurge 180

This directive statement will save all audit files from the current day and back 180 days, and cause any audit files older than 180 days to be deleted.

 

To save audit files for the current day plus the preceeding week, enter the following directive statement:

AuditPurge 7

To save audit files for the current day plus the preceeding month, enter the following directive statement:

AuditPurge 31

Note: This directive does not operate on a calendar-month schedule, only on number of days, so depending on when you check the logs, a value of 31 could provide you with a month's worth of data, partially from the current month, and partially from the preceding month.

When determining the number of days of audit files to retain, you may want to consult with your IT department to ensure that your retention schedule complies with the institutional schedule for security and recording purposes.

 

The following directives interact with or control functions related to this directive:

Audit