Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Event Log Archiving for JSIG and CMMC Compliance
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Log Entry Retention Policy Template
The Log Entry Retention Policy Template enables you to remove old log entries no longer required for either reporting or compliance so disk space can be freed and table size maintained over time for faster reporting.
Background:
When storing log entries for long periods of time, such as one year, log entry tables will become quite large. Running daily reports, such as Account Management Reports, require table scans to isolate the target log entries. If we were to store each log in a single table for the entire year, daily reports would be unnecessarily table scanning irrelevant data burning CPU, memory, power and time. For this reason, Corner Bowl saves log entries to two tables is separate databases. This design has two advantages. First, daily reports only need to execute table scans against recent data, and second, archive databases can be implemented on alternate hardware, with different specifications, while simultaneously isolating CPU intense archive reporting from production systems. Corner Bowl Server Manager implements these two databases in the Explorer View under Data Providers. By default, the databases are called the Primary Log Databaseand the Archive Log Database respectively.
How it works:
The Log Entry Retention Policy is responsible for removing log entries from the Primary Log Database and saving them to the Archive Log Database. Once the entries are older than the maximum configured time, for example 365 days, the Log Entry Retention Policy deletes the entries from the database. Entries are deleted in batches of one hour minimizing the size of transaction tables and memory consumption.
How to configure the Log Entry Retention Policy Template:
- From the Menu Bar, select File | New. The Create New Object View displays.
- From the Create New Object View, expand Templates | Log Management then select Log Entry Retention Policy. The New Template Properties View displays.
- The Template Properties view contains 3 tabs.
The Options Tab
- Use the Log entry retention filter drop-down to optionally select a filter to target specific entries.
- Use the Log entry retention policy drop-down to select to either Remove or Archive log entries then select the number of days to maintain in the log database.
- If you choose to Archive log entries, use the Retain archived entries for check box to enable the removal of old archived entries. Lastly, set the number of days to maintain in the archive log database.