Applies to: Centrify DirectAudit on all supported versions
Question:
How can large DirectAudit sessions be deleted without using the DirectAudit console, and is it possible to purge audit sessions that are older than 365 (or 'x') days using Centrify tools?
Answer:
Unzip the attached utility, open a command prompt in the folder where you unzipped it, and run the following command:
PurgeSessions.exe
The command prints its usage, which lists the options for purging sessions, as shown below:
Usage:
PurgeSessions.exe <InstallationName> [NumberOfDays] [MaximumRunTime]
PurgeSessions.exe <InstallationName> [PathToCSVFile] [MaximumRunTime]
Parameters:
InstallationName - Name of the DirectAudit installation
Optional Parameters:
NumberOfDays - Delete sessions that are older than the specified number of days. Default - 120 days
MaximumRunTime - Maximum time in minutes allowed to run the tool. Default value - 6 hours
PathToCSVFile - CSV file containing list of users and machines; only sessions belonging to the specified list of users and machines will be purged
Sample Usage:
PurgeSessions.exe DefaultInstallation 90 3
PurgeSessions.exe DefaultInstallation c:\input.csv
Check log file 'C:\Users\username\AppData\Roaming\Centrify DirectAudit\Log\centrifyda_purgesessions_2013_3_5.txt' for more information
Notes:
- Requires .NET 3.5 SP1
- Permissions required to run:
  - User must be logged into the domain
  - Permission to 'Manage Audit Store List' on the DirectAudit installation
  - Permission to login/connect to the Audit Store database(s)
  - Permission to read data (db_datareader) and write data (db_datawriter) on each of the Audit Store database(s)
FindSessions Utility to Find Sessions:
The utility is located in:
C:\Program Files\Centrify\DirectManage Audit\AuditAnalyzer
Usage:
Findsessions.exe -InstallationName | -user | -machine | -activetime | -interactive
Parameters:
InstallationName - Name of the DirectAudit installation
user - Find sessions by one or more specified user names
machine - Find sessions by one or more specified machine names
activetime - Find sessions by the running time
interactive - Run the tool in interactive UI mode.
Sample Usage:
Findsessions.exe -DefaultInstallation -user dwirth -machine centos72
Note: For Centrify Suite 2013.2/DA 3.1 and greater, the FindSessions tool is built into the Audit Analyzer Console installation; see the snapshot below: