Salesforce

KB-3394: Is it possible to purge audit sessions older than 'x' number of days

Printable View
« Go Back

Information

 
TitleKB-3394: Is it possible to purge audit sessions older than 'x' number of days
URL NameKB-3394-Is-it-possible-to-purge-audit-sessions-older-than-x-number-of-days
Knowledge Article TypeProblem / Resolution
Article TypeKnowledge
ArticleType 
ProductAuditing and Monitoring Service
Component 
Version 
TagsPurgeSession, delete, sessions, Findsessions, purge, direct audit session, large
Internal Comments
Article Edits
Bug #40952
Solution ID3394
Knowledge Base Article Details
Applies to: Centrify DirectAudit on all supported versions
 
Question:
How to delete large Direct Audit sessions instead of using the Direct Audit console and is it possible to purge audit sessions that are older than 365 (or 'x' number) of days using Centrify tools?
 
Answer:
Unzip the attached utility and using a command prompt run the following command from the path where you have unzipped the file.

PurgeSessions.exe

With this command it will give different options in terms of usages how to purge the sessions as below
 
Usage:
  PurgeSessions.exe <InstallationName> [NumberOfDays] [MaximumRunTime]
    PurgeSessions.exe <InstallationName> [PathToCSVFile] [MaximumRunTime]
 
Parameters:
  InstallationName - Name of the DirectAudit installation
 
Optional Parameters:
  NumberOfDays - Delete sessions that are older than the specified number of days. Default - 120 days
  MaximumRunTime - Maximum time in minutes allowed to run the tool. Default value - 6 hours
    PathToCSVFile - CSV file containing list of users and machines; only sessions belonging to the specified list of users and machines will be purged
 
Sample Usage:
  PurgeSession.exe DefaultInstallation 90 3
  PurgeSession.exe DefaultInstallation c:\input.csv
 
Check log file 'C:\Users\username\AppData\Roaming\Centrify DirectAudit\Log\centrifyda_purgesessions_2013_3_5.txt' for more information
 
Notes:
  1. Requires .NET 3.5 SP1
  2. Permissions required to run:
    • User must be logged into the domain 
    • Permission to 'Manage Audit Store List' on the DirectAudit installation
    • Permission to login/connect to the Audit Store database(s)
    • Permission to read data (db_datareader) and write data (db_datawriterr) on each of the Audit Store database(s)
FindSessions Utility to Find Sessions:
The utility is located in:
C:\Program Files\Centrify\DirectManage Audit\AuditAnalyzer

Usage:
  Findsessions.exe -InstallationName | -user | -machine | -activetime | -interactive 

Parameters:
  InstallationName - Name of the DirectAudit installation
    user - Find sessions by one or more specified user names
    machine - Find sessions by one or more specified machine names
    activetime - Find sessions by the running time
    interactive - Run the tool in interactive UI mode. 

Sample Usage:
    Findsessions.exe -DefaultInstallation -user dwirth -machine centos72

Note: For Centrify Suite 2013.2/DA 3.1 and greater, the FindSessions tool is built-in in Audit Analyzer Console Installation, see snapshot below:




 
 
 
 
 
 
 
 
 
 
 
 
 
Created ByArticle Admin
Solution CreatorRaghu Srinivasan
DraftNot Checked
LithiumId
Lithium_Board_Id
Lithium_View_Href
Tags 
Category 
ArticleImage
Known IssuesNot Checked
Powered by