Managing the audit log
Use audit disposition to automate the deletion of audit entries that you no longer need. Audit disposition is useful if you enable auditing for prolonged periods or if you save copies of the original or modified objects to the audit log. Configuring audit disposition involves creating and enabling one or more audit disposition policies for each object store, creating an auditing configuration for the domain or site, and managing unused bookmarks.
- Creating an audit disposition policy
- An audit disposition policy specifies the criteria that are used to identify audit entries for disposition.
One or more audit disposition policies can be specified for each object store.
- Setting the audit disposition schedule
- An audit disposition configuration consists of parameters that control how the disposition process is performed and an audit disposition schedule. The schedule specifies one or more time slots; each time slot defines a schedule for an audit disposition background task by specifying when the task starts and how long it runs. If the times of multiple time slots overlap, the overlapping time slots are effectively combined.
- Managing auditing bookmarks
- To support efficient operation of audit disposition, and to accurately process records in the audit log,
an audit processing application must set bookmarks.
A bookmark is a leave-off point in the audit log, which indicates the last record processed by the audit processing application.
When an audit processing application ends a session, it sets its bookmark with an audit sequence number corresponding to the last record processed;
when it later starts a new session, it retrieves its bookmark and resumes processing at the audit sequence number where it left off.
- Managing the audit log size
- If you have not enabled an audit disposition policy for the audit log, you can manually manage the size of the audit
log by using a search template to retrieve and process audit entries. You can customize the provided sample search templates or you can create your own search template. You can delete or export audit entries based on factors such as the date the entry was created or the user who created the entry.