About Event Purging

Stored events become less useful and relevant over time, and their build-up can lead to performance issues. The Database Maintenance page lets you safely remove old events and keep a smaller, faster database.

You must have Application Control and/or Device Control for the Database Maintenance feature to be available in the Server Console (Tools > Database Maintenance).

Device Control records all connections and other events related to devices, while Application Control records applications being allowed to run or blocked. As events can lead to the database quickly expanding in size, periodically removing them will:

  • make all related reports and dashboard widgets load faster;
  • free up disk space for storing new events.

By default, the database does not automatically remove the events it stores. Running regular purges is a best practice that we recommend you set up in your environment. The number and types of events you keep should reflect your organization’s business needs.

Caution: Purging is irreversible! Take care when configuring a purge job to avoid removing necessary data by accident. Once purged, the events no longer appear in the Server Console.
Consider backing up the database or exporting the results of a log query for a date range that matches the age of the events you plan to purge.

You can configure a regular purge job using the Schedule Maintenance: Recurring Purge Job wizard on the Tools > Database Maintenance page. Events become eligible for purging when they exceed the minimum age you specify in the Purge events older than X days field.

The events that occur the most are:

  • Device Control: READ-DENIED, DEVICE-ATTACHED
  • Application Control: Application execution granted, Trusted Updater added file to whitelist, Trusted Updater action information

These event types are selected by default on the Select Events to Purge panel of the Schedule Maintenance: Recurring Purge Job wizard.

Though purge jobs can run while new events are being processed, we recommend that you schedule them for off-peak hours. Use a purge job’s Maximum purge duration (in minutes) to manage purge time and server load. At time-out, the system finishes the event batch it is purging and then stops.