Chat now with support
Chat with Support

Change Auditor 7.0.4 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

Purge and Archive jobs page

The Purge and Archive page is displayed when Purge and Archive is selected from the Configuration task list in the navigation pane of the Administration Tasks page. From here you can specify the settings for the purge and archive jobs.

Once a job is defined, the page displays the following details about each job:

Job Name

Displays the name assigned to the job when it was created using the Purge and Archive wizard.

Last Run

Displays the date and time the job last ran.

Next Run

Displays the date and time the job is scheduled to run next.

Status

Indicates whether the job is enabled or disabled.

Schedule

Displays the schedule defined for running the job.

Add

Use to open the Purge and Archive Job wizard to define a scheduled purge job.

Edit

Use to open the Purge and Archive job wizard to modify the selected purge job.

Enable

Use to enable the selected purge or archive job.

Disable

Use to disable the selected purge or archive job.

Delete

Use to delete the selected purge or archive job.

2
Click Configuration.
3
Select Purge and Archive in the Configuration task list to open the Purge and Archive Jobs page.
4
Click Add to open the Purge Job wizard.

Purge events

If you select to purge events, specify the options that determine which events will be removed from the database.

All events: Select this option to purge all events from the database that are older than the specified time.

Only selected events: Select this option to purge only selected events, based on specific criteria, from the database that are older than the specified time.

Use the criteria tabs to define the events to be deleted:

If you specify criteria on more than one tab, the criteria specified on ALL of the tabs must be met before an event is deleted from the database or archived.

See Purge selected records for a description of the criteria tabs and options that appear to specify the records.

Archive events

When this option is selected, a yearly archive database will be created beginning on the first day of the selected month. For example, if you select Jan, the database will contain events for 12 months beginning on January 1.. If you have also selected to purge events based on specific criteria, any events that remain will be moved to the archive database.

On initial run of archive or purge/archive job, an archive database will be created on the same database server as your production Change Auditor database. The name of the archive database is as follows: Production database name appended with _Archive_ and the year of your oldest event and a selected month. Example: ChangeAuditor_Archive_2014 _August

The *.mdf file will have the same name except that the date will be appended to the end. Example: ChangeAuditor_Archive_2014__August20150310163244.mdf

If the archive database is moved or deleted a new archive database with the same name will be created (the *.mdf will differ because a new date is appended) the next time an archive or purge/archive job runs.

 

Occurs

Specifies if the job is to be run on a weekly or monthly schedule.

The default is monthly.

NOTE: When Monthly is selected, specify the monthly schedule to be used to run the job. For example, 1 for every month (default), 2 for every other month, 6 for every six months or twice a year, etc.

Batch Limit

Specifies the maximum number of events to be purged for each cycle.

That is, the job task checks every five minutes to determine if it needs to run a job. When the job runs, by default it purges a maximum of 500,000 events in that five minute period. If there are more than 500,000 events to be purged, then five minutes later another 500,000 events are processed until all of the events are purged or archived.If there are 500,000 events or less in a job, then the job task checks again in the next five minutes and obeys the ‘next run’ time.

On day of month

When a Monthly schedule is selected, specifies on which day of the month the job is to be run:

When a Weekly schedule is selected, specifies the weekly schedule to be used to run the job. For example, 1 for every week, 2 for every other week, 3 for every third week, and 4 for every fourth week.

On Days

When a Weekly schedule is selected, defines the days of the week when the job is to be run.

The default is Monday through Friday.

Run Time

Defines the time of day when the job is to be performed.

The default start time is 12:00:00 AM.

Last Run

This read-only field specifies the last time (date and time) the job ran.

Next Run

This read-only field specifies the next time (date and time) when the job is scheduled to run.

9
Select Finish.

Purge selected records

Use the criteria tabs in the Purge and Archive wizard to define what specific records are to be deleted from the database. These tabs are enabled when you choose the Purge | Only selected events option.

Who tab

Use the Who tab when you want to purge or archive events generated by specific users, computers, or groups. By default (when the Who tab is empty), change events generated by all users, computers, and groups will be deleted from the database or archived.

When multiple ‘who’ criteria is specified on this tab, Change Auditor uses the ‘OR’ operator to evaluate change events, purging or archiving events for activity performed by any of the users, computers or groups listed on this tab.

1
From the Purge and Archive wizard, select the Purge option, and then enable Only selected events to activate the criteria tabs.
4
After selecting one or more directory objects, click Select to save your selection and close the dialog.
NOTE: Use Add with Events (instead of Add) to select users, computers, or groups that already have an event associated with it in the database. Use this to purge events tied to users who have been removed from Active Directory.
NOTE: To purge events NOT generated by the users, computers, or groups listed on the Who tab, select the Exclude The Following Selection(s) check box at the top of the Who tab.
1
From the Purge and Archive wizard, select Purge, and then enable Only selected events to activate the criteria tabs.
2
Open the Who tab and expand Add and click Add Wildcard Expression.
NOTE: If you used Add With Events instead, click Add Wildcard Expression on the Add Users, Computer, or Groups dialog.
NOTE: When using the Group option, the Group Membership Expansion option on the Coordinator Configuration page (on the Administration Tasks tab) must be set to Expand all groups.
4
Click OK to close the dialog and add the wildcard expression to the Who tab.

What tab

Use the What tab to specify the what criteria to be used to determine whether an event is to be purged from the database. By default (when the What tab is empty), all events regardless of the subsystem, event class, object class, severity, or results will be purged or archived.

When multiple ‘what’ criteria is specified on this tab, Change Auditor uses the ‘AND’ operator to evaluate an event, purging only those events that meet all the specified criteria. However, when multiple subsystems (such as Active Directory, ADAM, and Exchange) are specified, Change Auditor uses the ‘OR’ operator to evaluate these entities, purging or archiving events that meet any of the specified subsystem criteria. This also applies when multiple event classes are specified. That is, when multiple event classes are specified, Change Auditor uses the ‘OR’ operator purging or archiving any of the specified events.

1
From the Purge and Archive wizard, select Purge, and then enable Only selected events to activate the criteria tabs.
2
Open the What tab, expand Add (or Add With Events) and select the appropriate option. When you select an option, an additional dialog appears allowing you to enter specific criteria:
Subsystem | Active Directory - Add Active Directory Container dialog
Subsystem | AD Query - Add Active Directory Container dialog
Subsystem | ADAM (AD LDS) - Select the agent that hosts the ADAM/LDS Instance dialog
Subsystem | Exchange - Add Exchange Container dialog
Subsystem | Office 365 Exchange Online- Office 365 Exchange Online dialog
Subsystem | File System - Add File System Path dialog
Subsystem | Group Policy - Add Group Policy Container dialog
Subsystem | Local Account - Add Local Account dialog
Subsystem | Logon Activity - Add Logons dialog
Subsystem | Registry - Add Registry Key dialog
Subsystem | Service - Add Service dialog
Subsystem | SharePoint - Add SharePoint Path dialog
Subsystem | SQL - Add SQL Instance dialog
Subsystem | VMware - Add VMware Host dialog
Event Class - Add Facilities or Event Classes dialog
Object Class - Add Object Classes dialog
Severity - Add Severities dialog
Result - Add Results dialog
3
Once you have selected or entered the specific criteria, click Add to add it to the selection list at the bottom of the dialog.
4
Click OK to save your selection and close the dialog.
Related Documents