Administration Guides

Data Retention of Audit Data and Archive

Home


Overview

Two types of retention are supported, online and long term archive.  

  1. Online means audit data that is searchable in the index. Opertional requests for auditing typcially do not exceed 30 days but we support upto 18 months online searchable depending on the audit rate.  This is for optimal performance and maintaining a managable database size.  Contact support to get automatic data retention applied to the database.  Typical values are 6 months or 1 year online searchable.
  2. Database is the secondary version of audit data and for all long term retention requirements raw audit in GZ format should always be stored for long term rentention as the data is shareable in a format needed for auditors and is compatible with OneFS tools.  The database is not in a format that auditors can use in a sharable format.
  3. Database management tasks and size of DB require online searching to prune data older than 18 months maxiumum.
  4. Long term storage of audit data
    1. Isilon audit data must be purged as the raw audit data is stored on the Isilon in GZ format and is never deleted.  For long term storage of audit data depending on business need this format should be stored in an archive location in GZ format.  We recommend purging these GZ files twice per year.  See EMC SR requirement and steps documented here.
    2. The GZ files impact audit performance if 1000's of files are left on Isilon and the purge process allows them to be removed and archived at the same time.

Actions

  1. Open a support case to get the database retention set to 6m , 1 year or 18 months
  2. Review Isilon GZ purge procedure
  3. Identify long term archive location for GZ audit data
Copyright Superna LLC