Scheduling a Recurring Purge Job for Events
You can ensure database performance stays healthy by scheduling a purge job that regularly removes old events (for example, all those older than three months).
Prerequisites:
- You must have a role with Database Maintenance Access Rights, both View Purge Data And Log Files Tab and Manage Maintenance.
- You have checked that no purge job will be running at your planned start date and time, or else your job will fail.
- If you need to keep a history of events, you must do one of the following:
  - back up the database;
  - export the results of a log query for a date range that matches the age of events you plan to purge.
Periodically reviewing and purging old event data will ensure your query times are kept as low as possible, and generally improve system performance.
Caution: Purging is irreversible! Use care when configuring a purge job to avoid removing necessary data by accident. Once purged, the events no longer appear in the server console.
Consider backing up the database or exporting the results of a log query for a date range that matches the age of events you plan to purge.
- From the Navigation Menu, select Tools > Database Maintenance.
The Database Maintenance page displays.
- Click Schedule maintenance.
The Schedule Maintenance: Recurring Purge Job wizard opens to the Schedule and Configure Database Purge Job panel.
- Enter a name for the purge job in the Maintenance name field.
Specify a unique name for the job to help you distinguish it among others on the Database Maintenance page. By default the name is Recurring purge job -[current date][current time]. Consider using a name that reflects characteristics of the job, such as:
  - Type of events it purges (PurgeDeviceDeniedEvents_Daily)
  - Time it runs (8:30AM_Daily_Purge_Job)
  - Days it runs (Mon_Wed_Fri_Purge_Job)
  - Age of events to purge (Remove_90_Day_Events)
- Select the frequency of the job: Daily or Weekly.
- Enter or select the date you want the job to start. It must be in the MM/DD/YYYY date format (for example, 05/18/2015).
- Enter or select the time you want the recurring purge job to start in the Start time field. It must be in the 12-hour time format (for example, 1:00PM).
- Enter the interval that you want the purge to occur in the Run every field. If you selected a frequency of Weekly, also select the days of the week the purge is to take place.
- [Optional] Enter or select the date on which you want the job to end. It must be in the MM/DD/YYYY date format (for example, 05/18/2015).
Now configure the database settings for the job.
- Set the minimum age of events (integer representing days) you want the job to purge in the Purge events older than field.
Only events older than the specified number are eligible for deletion. For example, if you enter 100 days, all events 101 days and older are removed. Default: 90 days
- Set the maximum number of minutes that the purge job can run in the Maximum purge duration field.
You may want to limit the purge duration so, for example, it does not coincide with replication or import/export tasks. The purge stops when the minutes set expire and the system finishes the current batch it is purging. Depending on how long it takes your database to purge a batch of a particular size, this can add several minutes to the actual purge duration. Default: 60 minutes
- Set the number of rows to be included in each batch operation in the Batch size field.
A single purge typically includes multiple batch deletions. Larger batch sizes mean bigger database transactions and more database locks, as well as purge durations exceeding your maximum setting. Default: 2000 rows
- Click Next.
The Select Events to Purge panel is displayed.
- Select all the event types (minimum one) you want purged from the database according to the schedule and configurations you have set for the job.
The most common events are selected by default:
  - Device Control: READ-DENIED, DEVICE-ATTACHED
  - Application Control: Application execution granted, Trusted Updater added file to whitelist, Trusted Updater action information
The event types available are:
Application Control tab

Purge allowed application events:

| Event | Description |
| --- | --- |
| Memory protection event | Unauthorized code from outside the local file system was blocked from executing within an authorized process running in memory. |
| Application execution granted | An Application Control policy allowed an application to run on an endpoint. |

Purge denied application events:

| Event | Description |
| --- | --- |
| Application execution denied | An Application Control policy prevented an application from running on an endpoint. |

Purge Trusted Updater events:

| Event | Description |
| --- | --- |
| Trusted Updater added file to whitelist | A Trusted Updater policy specified an executable file that is allowed to run on an endpoint. |
| Trusted Updater action information | Information about actions performed by the Trusted Updater. |

Device Control tab

Purge device connection events:

| Event | Description |
| --- | --- |
| MEDIUM-INSERTED | User inserted a CD/DVD or removable media reader. |
| DEVICE-ATTACHED | Device was connected to an endpoint. (selected by default) |

Purge device denied events:

| Event | Description |
| --- | --- |
| QUOTA-EXCEEDED | User exceeded the daily copy limit. |
| READ-DENIED | User attempted to access an unauthorized device. (selected by default) |
| WRITE-DENIED | User attempted to write a file to a read-only device. |
| WLAN-BLOCKED | User attempted to connect to a device through WLAN. |

Purge file/print shadowing events:

Purging these events will not remove the Full File Shadow files associated with them. Device Control stores the files in <install_dir>\DeviceControl\Shadow and you need to remove them separately.
The <install_dir> can be changed in Tools > Options > Device Control tab > Server shadow directory field.

| Event | Description |
| --- | --- |
| WRITE-GRANTED | User copied data to an authorized device. |
| READ-GRANTED | User accessed data on an authorized device. |

Purge keylogger events:

| Event | Description |
| --- | --- |
| KEYLOGGER-DETECTED | A keylogger was detected. |
| KEYBOARD-DISABLED | User keyboard was disabled because a keylogger may be present. |

- Click Finish.
You have scheduled a recurring purge job and it appears in the Database Maintenance page list.
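How the three database settings in this procedure interact (Purge events older than, Maximum purge duration, Batch size) can be modeled with a short Python script over an in-memory SQLite table. This is an added example, not the product's code: the events table, its columns and the fixed batch_minutes cost per batch are assumptions made for illustration.

```python
import sqlite3
from datetime import date, timedelta

def purge(conn, today, older_than_days, event_types, batch_size, max_minutes, batch_minutes):
    """Batched purge model. Returns (rows_deleted, simulated_elapsed_minutes)."""
    # "Purge events older than N": entering 100 removes events 101 days and older.
    cutoff = (today - timedelta(days=older_than_days)).isoformat()
    marks = ",".join("?" * len(event_types))
    deleted, elapsed = 0, 0
    while elapsed < max_minutes:           # limit is checked only between batches
        cur = conn.execute(
            "DELETE FROM events WHERE id IN (SELECT id FROM events "
            f"WHERE logged_on < ? AND type IN ({marks}) LIMIT ?)",
            (cutoff, *event_types, batch_size))
        conn.commit()                      # one transaction per batch
        if cur.rowcount == 0:              # nothing eligible is left
            break
        deleted += cur.rowcount
        elapsed += batch_minutes           # assumed fixed cost of one batch
    return deleted, elapsed

def sample_db(today):
    """Constructed data: 10 events per (type, age in days) combination."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, type TEXT, logged_on TEXT)")
    for etype in ("READ-DENIED", "DEVICE-ATTACHED", "WRITE-GRANTED"):
        for age in (30, 100, 101, 400):
            day = (today - timedelta(days=age)).isoformat()
            conn.executemany("INSERT INTO events (type, logged_on) VALUES (?, ?)",
                             [(etype, day)] * 10)
    return conn

def remaining(conn, etype=None):
    """Count events left, optionally for one event type."""
    if etype is None:
        return conn.execute("SELECT COUNT(*) FROM events").fetchone()[0]
    return conn.execute("SELECT COUNT(*) FROM events WHERE type = ?", (etype,)).fetchone()[0]

if __name__ == "__main__":
    today = date(2015, 5, 18)
    conn = sample_db(today)
    selected = ["READ-DENIED", "DEVICE-ATTACHED"]   # Device Control defaults
    # 100-day threshold, batches of 8 rows, 60-minute limit, 25 minutes per batch.
    print(purge(conn, today, 100, selected, 8, 60, 25), remaining(conn))
```

In the sample run the third batch starts at minute 50 and finishes at minute 75, past the 60-minute limit, and 16 eligible events are left for the next scheduled run; events exactly 100 days old and unselected event types are never touched.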
After Completing This Task:
- After a job has run (Completed or Failed), you can click its name in the list to view its Purge Result Details page; see Viewing the Results of a Completed Recurring Purge Job.
- To delete a purge job from the Database Maintenance list, see Deleting a Scheduled Recurring Purge Job.