To configure data archiving, assign an archive policy to the connection.
Prerequisites
You have to configure an archive policy before starting this procedure. For details, see Archiving.
To assign an archive policy to the connection
-
Navigate to the connection (for example, to SSH Control > Connections).
-
Select the connection.
-
Select the archive policy you want to use in the Archive policy field.
-
Click .
-
Optional: To start the archiving process immediately, click Archive now. This functionality works only after a corresponding policy has been configured.
One Identity Safeguard for Privileged Sessions (SPS) can automatically archive audit trails older than a specified retention time. However, the .zat file and the metadata of the corresponding connections are not deleted from the SPS connection database. Deleting the stored data of old connections decreases the size of the database, making searches faster, and may also be required by certain policies or regulations.
In an audit data cleanup policy, you can specify the period after which the zat file and the metadata is deleted. You can also provide a lucene-like query, with which you can specify which sessions you want to delete. For example, using the query, you can create a filter for a specific protocol.
For more information, see Configuring cleanup policies.
In an audit data cleanup policy, you can specify the period after which the zat file and the metadata is deleted. You can also provide a lucene-like query, with which you can specify which sessions you want to delete. For example, using the query, you can create a filter for a specific protocol.
To add a new audit data cleanup policy
-
Navigate to Policies > Audit Data Cleanup Policies.
-
Select Add new audit data cleanup policy.
Figure 74: Policies > Audit Data Cleanup Policies — Configuring an audit data cleanup policy
-
In Policy name, specify a unique name for the audit data cleanup policy.
-
In Audit data query, which is a lucene-like query, specify to which audit data the cleanup policy applies.
To fill this query, specify, for example, a field and the related term. Optionally, you may add a boolean operator and specify another field and related term. For example, to specify the audit data of the SSH protocol and the ssh-connection-policy connection policy to be cleaned up, in Audit data query, type protocol:SSH AND recording.connection_policy:ssh-connection-policy
-
In the Audit data retention period field, enter how long (in days) SPS must keep the zat file and the metadata. For example, if you specify 365, SPS deletes the audit data of connections older than a year.
The default value is 90 days for this field, with an accepted value range of 30-100,000 days.
NOTE: The database cleanup occurs once a day at 22:01 PM.
NOTE: Since the database cleanup happens once a day at 22:01 PM, if you specify the same retention time for an archive policy, for example, 90 days in the Audit data retention period field, ensure that the archiving is set to start before 22:01 PM.
-
To save your changes, click Commit changes.
-
Optionally, repeat the steps to create new audit data cleanup policies for other protocols and connections.
Expected outcome
Every day, SPS deletes the zat file and the metadata of connections that are older than the given cleanup time from the connection database.
To download the official plugins for your product version, navigate to the product page on the Support Portal. The official plugins are also available on GitHub .
To write your own custom plugin, feel free to use our Plugin SDK.
Figure 75: Basic Settings > Plugins — Viewing the uploaded plugins
The following plugin types can be uploaded to SPS: