Symantec Security Expressions Server manual Database Cleanup

Page 30

SecurityExpressions Server User Guide

Database Cleanup

The database stores data about audits, as well as console and server events. You might decide that it is unnecessary to use database space to retain this data permanently. The Database Cleanup settings allow you to automatically delete data from the database on a schedule. You can also use the Clean Now button to perform an unscheduled cleanup.

Cleanups delete data generated by any console or server application connected to the same database, not just the server application executing a cleanup. They also clean up data generated by Web services, the COM object, and the command line.

Event-log cleanups and audit-data cleanup tasks are scheduled and run independently from each other.

Event Log Settings

SecurityExpressions retains a log of console and server events that it stores in the database.

Perform daily discard of event log data older than __ days

To clean up the event log, check this box and type the number of days for which you want to retain data before deleting it. Then click Update. Log entries are automatically cleaned up at 2 a.m.

Update

Click this button to update the event-log settings.

Clean Now

Click this button to perform an unscheduled event-log cleanup. Then click Delete to confirm the action or Cancel to cancel it.

Audit Data Cleanup Tasks

You may create more than one cleanup task. Click Add New to create a task. To modify an existing task, locate the task in the table and click the Edit link. To delete an existing task, locate the task in the table and click the Delete link.

Task Name

Type a name for this cleanup task.

Daily Cleanup

Check Enabled to enable this cleanup task.

Audit Results

Select how much audit data you want to retain when cleanups occur. Cleanups occur at 2 a.m. nightly when a cleanup task is enabled.

•Discard audit data older than __ days - Type the number of days for which you want to retain data before deleting it.

•Discard all but most recent audit for each policy and target - From the drop- down list, select the time span for which you want to keep the most recent audit performed on each policy file you used to audit and on each target audited. The database retains the data from one audit performed on each policy file and each

22

Image 30

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsSetup Viewing Audit ResultsDatabase Connection Secure Connection Windows 2000 ServersClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsSupported Functions Org Unit ScopesDetection Method Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsConfiguring Connection Monitors RemoveEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights