One Identity Safeguard for Privileged Sessions (SPS) can automatically archive audit trails older than a specified retention time. However, the metadata of the corresponding connections is not deleted from the SPS connection database. Deleting the stored data about old connections decreases the size of the database, making searches faster, and might be also required by certain policies or regulations. The period after metadata is deleted can be specified individually for the different protocols, (for example, data about SSH connections can be stored longer than other connections) and also for every connection policy.
To configure SPS to delete the metadata of old connections for a particular protocol
Navigate to the Global Options page of the respective protocol, for example, to SSH Control > Global Options.
Figure 11: <Protocol name> Control > Global Options — Configuring connection database cleanup for a protocol
Enter how long SPS (in days) should keep the metadata into the Delete search metadata from SPS after field. For example, if you specify 365, SPS will delete the data of connections older than a year. Enter zero (0) to keep the data indefinitely (this is also the default behavior of SPS).
|
NOTE:
The database cleanup occurs once a day at 22:01 PM. The time you specify in the Delete search metadata from SPS after field cannot be shorter than the Delete data from SPS after field set for the Archive policies used in the connections of this protocol. Note that since the database cleanup happens once a day at 22:01 PM, if you specify the same retention time, for example, 1 day in the Delete data from SPS after field, ensure that the archiving or cleanup is set to start before 22:01 PM. The time you specify in the Delete search metadata from SPS after field cannot be shorter than the Delete search metadata from SPS after field set in the individual connection policies of this protocol. |
Click and repeat the previous step for other protocols if needed.
Figure 12: <Protocol name> Control > Connections — Configuring connection database cleanup for a connection
To delete the metadata of certain connections earlier than the time set in the Global Options > Delete search metadata from SPS after field of the protocol, navigate to the particular connection policy, and enter how long SPS (in days) should keep the metadata of the sessions of this connection policy into the Delete search metadata from SPS after field. Enter zero (0) to use the settings of the protocol (this is also the default behavior of SPS).
|
NOTE:
The time you specify in the Delete search metadata from SPS after field cannot be shorter than the Delete data from SPS after field set for the Archive policies used in the connections of this protocol. Note that since the database cleanup happens once a day at 22:01 PM, if you specify the same retention time, for example, 1 day in the Delete data from SPS after field, ensure that the archiving or cleanup is set to start before 22:01 PM. |
Click and repeat the previous step for other connections if needed.
Every day SPS deletes the metadata of connections older than the given cleanup time from the connection database.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center