Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3394: Is it possible to purge audit sessions older than 'x' number of days

Centrify DirectAudit ,  

12 April,16 at 11:08 AM

Applies to: Centrify DirectAudit on all supported versions
 
Question:
How to delete large Direct Audit sessions instead of using the Direct Audit console and is it possible to purge audit sessions that are older than 365 (or 'x' number) of days using Centrify tools?
 
Answer:
Unzip the attached utility and using a command prompt run the following command from the path where you have unzipped the file.


PurgeSessions.exe

With this command it will give different options in terms of usages how to purge the sessions as below

 
Usage:
  PurgeSessions.exe <InstallationName> [NumberOfDays] [MaximumRunTime]
    PurgeSessions.exe <InstallationName> [PathToCSVFile] [MaximumRunTime]
 
Parameters:
  InstallationName - Name of the DirectAudit installation
 
Optional Parameters:
  NumberOfDays - Delete sessions that are older than the specified number of days. Default - 120 days
  MaximumRunTime - Maximum time in minutes allowed to run the tool. Default value - 6 hours
    PathToCSVFile - CSV file containing list of users and machines; only sessions belonging to the specified list of users and machines will be purged
 
Sample Usage:
  PurgeSession.exe DefaultInstallation 90 3
  
PurgeSession.exe DefaultInstallation c:\input.csv
 
Check log file 'C:\Users\username\AppData\Roaming\Centrify DirectAudit\Log\centrifyda_purgesessions_2013_3_5.txt' for more information
 
Notes:
  1. Requires .NET 3.5 SP1
  2. Permissions required to run:
    • User must be logged into the domain 
    • Permission to 'Manage Audit Store List' on the DirectAudit installation
    • Permission to login/connect to the Audit Store database(s)
    • Permission to read data (db_datareader) and write data (db_datawriterr) on each of the Audit Store database(s)
FindSessions Utility to Find Sessions:
The utility is located in:
C:\Program Files\Centrify\DirectManage Audit\AuditAnalyzer

Usage:
  Findsessions.exe -InstallationName | -user | -machine | -activetime | -interactive 

Parameters:
  InstallationName - Name of the DirectAudit installation
    user - Find sessions by one or more specified user names
    machine - Find sessions by one or more specified machine names
    activetime - Find sessions by the running time
    interactive - Run the tool in interactive UI mode. 

Sample Usage:
    Findsessions.exe -DefaultInstallation -user dwirth -machine centos72

Note: For Centrify Suite 2013.2/DA 3.1 and greater, the FindSessions tool is built-in in Audit Analyzer Console Installation, see snapshot below:




 
 
 
 
 
 
 
 
 
 
 
 
 
Attachments:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.