Database Purge Utility


The database purge utility is installed as part of the Web Reports feature, and can be found in the "Database Wizards" sub folder of the EventSentry installation folder.

 

Required Options


<SYSTEM DSN> or <ACTION>

A System DSN pointing to the EventSentry database. Alternatively, if EventSentry is installed on the same machine where you are running es_db_purge.exe, you can specify the name of the EventSentry action instead of the DSN name.

<FEATURE>

When purging records with this utility, you need to indicate which feature (e.g. EventLog or Performance) to delete the data from. See below for a list of available features; you may select only one feature at a time.

<DAYS/HOURS>

Purge records that are older than the specified number of days (default) or hours. Specify days by appending a "d" to the number; specify hours by appending an "h" to the number.

<USER>

Specify a user that has permissions to purge data

<PASS>

Password of <USER>



Optional Options


/count

Shows how many records will be deleted

/test

Don't actually purge data, only show how many records would be affected

/shrinkdb

Shrink database (MSSQL only) after the purge

/shrinklog

Shrink database log files (MSSQL only) after the purge

/log:<FILENAME>

Log all performed actions to a log file

 


On Windows Vista and later, the purge utility needs to be executed from an elevated command prompt ("Run as Administrator") if it references an EventSentry action.

 

Examples

 

1. Purge all data from the "Primary Database" older than 90 days

es_db_purge.exe "Primary Database" AllTables 90d postgres postgrespw

 

2. Purge all event log data older than 366 days from the "Archive Database" action

es_db_purge.exe "Archive Database" EventLog 366d postgres postgrespw

 

3. Determine how much Syslog data is older than 30 days

es_db_purge.exe "Primary Database" Syslog 30d /test postgres postgrespw

 

Schedule

We recommend that you schedule the utility, for example through the EventSentry application scheduler (or the Windows task scheduler), to run on a regular basis, at least once a month. This ensures that your database does not accumulate unnecessary data.
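A scheduled run can apply a different age threshold per feature and do a /test pass before each purge. The script below is an added example, not part of the EventSentry documentation or product; the paths, the retention values and the credential file are placeholders, and placing the options before <USER> <PASS> follows example 3 above.

```powershell
# Added example, not EventSentry code. Paths and retention values are placeholders.
$InstallDir = 'C:\Path\To\EventSentry'      # placeholder: EventSentry installation folder
$PurgeExe   = Join-Path $InstallDir 'Database Wizards\es_db_purge.exe'
$Target     = 'Primary Database'            # System DSN, or action name (needs elevation)
$CredFile   = 'C:\Path\To\purge-cred.xml'   # placeholder: Get-Credential | Export-Clixml
$LogDir     = 'C:\Path\To\PurgeLogs'        # placeholder: restrict write access to this folder

# Constructed policy: feature name -> age threshold ("d" = days, "h" = hours).
$Retention = [ordered]@{
    Performance   = '30d'
    Syslog        = '90d'
    EventLog      = '366d'
    LogonTracking = '366d'
}

# Export-Clixml encrypts the password with DPAPI for the account that created the
# file, so the scheduled task must run as that account on the same machine.
$cred = Import-Clixml -Path $CredFile
$user = $cred.UserName
# The utility takes the password as an argument, so it is readable from the process
# command line while it runs; use a database account that can only purge.
$pass = $cred.GetNetworkCredential().Password

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$audit = Join-Path $LogDir "wrapper-$stamp.log"

foreach ($feature in $Retention.Keys) {
    $age = $Retention[$feature]
    # Require an explicit unit so a typo cannot silently change the threshold.
    if ($age -notmatch '^\d+[dh]$') {
        Add-Content -Path $audit -Value "SKIP $feature : invalid age '$age'"
        continue
    }
    # Dry run (/test): record how many records would be affected before deleting.
    $preview = & $PurgeExe $Target $feature $age /test $user $pass 2>&1 | Out-String
    Add-Content -Path $audit -Value "TEST $feature $age`r`n$preview"

    # Real purge; /log has the utility write its own record of the actions performed.
    $purgeLog = Join-Path $LogDir "purge-$feature-$stamp.log"
    & $PurgeExe $Target $feature $age "/log:$purgeLog" $user $pass
}
```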

 

The following table explains all supported feature names. You can also use the AllTables keyword to purge data from all tables.

 

Feature Name          Explanation
--------------------  ---------------------------------------------------------
EventLog              Event log records
Diskspace             Disk space data
Performance           Performance data
ProcessTracking       Compliance: Process tracking data
LogonTracking         Compliance: Console Logon tracking data
PrintTracking         Compliance: Print tracking data
HeartbeatHistory      Heartbeat history
HeartbeatPing         Heartbeat ping history
ServiceHistory        Service history
SoftwareHistory       Software history
EnviroTempHumid       Temperature and humidity (if available) data
EnviroMotion          Motion data
Nessus                Nessus data
Syslog                Syslog data
Snmp                  Snmp data
FileMonitoring        File Change monitoring data
LogFileDelimited      Data from delimited log files
LogFileNondelimited   Data from non-delimited log files
FileAccess            File Access Tracking information
UptimeHistory         Uptime history
ActionHistory         Action trigger history
ReportHistory         Report history
AccountMgmtUser       Compliance: Account Management Tracking (Users)
AccountMgmtGroup      Compliance: Account Management Tracking (Groups)
AccountMgmtComputer   Compliance: Account Management Tracking (Computer)
LogonAuthFailure      Compliance: Network Logon (Failure)
LogonAccountAuth      Compliance: Network Logon (Domain Account Authentication)
LogonByType           Compliance: Network Logon (Logon By Type)
PolicyChange          Compliance: Policy Change Tracking
LargeFiles            Disk Space data (large files only)
ScheduledTasks        Scheduled Tasks inventory data
NetFlow               NetFlow data