Getting Started
- System Requirements
- Installation
- Assign Service Logon As Credentials
- Registration
- Version Support Policy
Agent-Based Management
Common Tasks
- Account Lockout Monitoring and Reporting
- Event Log Archiving for JSIG and CMMC Compliance
- Exporting and Importing Configuration Objects
- RDP Session Monitoring and Reporting
- Merging Logs
- Amazon S3 Bucket Support
- Azure File Share Support
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
- Password Expiry Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Security Reports
- Generic Log Reports
- File and Permission Reports
- Summary Reports
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
  - AI Anomaly Detection Report (Template Triggers)
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Disconnect RPD Session Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
- Logging Settings
SNMP
- SNMP Browser
SSH Shell
Syslog
System Reset
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Log Entry Retention Policy Template

The Log Entry Retention Policy Template enables you to remove old log entries no longer required for either reporting or compliance so disk space can be freed and table size maintained over time for faster reporting.

Background:

When storing log entries for long periods of time, such as one year, log entry tables will become quite large. Running daily reports, such as Account Management Reports, require table scans to isolate the target log entries. If we were to store each log in a single table for the entire year, daily reports would be unnecessarily table scanning irrelevant data burning CPU, memory, power and time. For this reason, Corner Bowl saves log entries to two tables is separate databases. This design has two advantages. First, daily reports only need to execute table scans against recent data, and second, archive databases can be implemented on alternate hardware, with different specifications, while simultaneously isolating CPU intense archive reporting from production systems. Corner Bowl Server Manager implements these two databases in the Explorer View under Data Providers. By default, the databases are called the Primary Log Database and the Archive Log Database respectively.

Tutorials

Event Log Management (Part 2: Verification and Retention)

How it works:

The Log Entry Retention Policy is responsible for removing log entries from the Primary Log Database and saving them to the Archive Log Database. Once the entries are older than the maximum configured time, for example 365 days, the Log Entry Retention Policy deletes the entries from the database. Entries are deleted in batches of one hour minimizing the size of transaction tables and memory consumption.

How to configure the Log Entry Retention Policy Template:

From the Menu Bar, select File | New. The Create New Object View displays.
From the Create New Object View, expand Templates | Log Management then select Log Entry Retention Policy. The New Template Properties View displays.
The Template Properties view contains 3 tabs.
- General
- Options
- Actions

The Options Tab

Use the Log entry retention filter drop-down to optionally select a filter to target specific entries.

Note

You can assign multiple Log Entry Retention Policy Templates to Log Consolidation Templates enabling you to remove specific data from the log database at any time.

Use the Log entry retention policy drop-down to select to either Remove or Archive log entries then select the number of days to maintain in the log database.
If you choose to Archive log entries, use the Retain archived entries for check box to enable the removal of old archived entries. Lastly, set the number of days to maintain in the archive log database.

Important

When archiving log entries the total number of days saved it the sum of the number of days in the primary log database plus the number of days in the archive log database. For example, if you archive entries older than 30 days and retain archived entries for 150 days the total number of days retained is actually 180 days.

Host Assignment