Managing the audit log

Use audit disposition to automate the deletion of audit entries that you no longer need. Audit disposition is useful if you enable auditing for prolonged periods or if you save copies of the original or modified objects to the audit log. Configuring audit disposition involves creating and enabling one or more audit disposition policies for each object store, creating an auditing configuration for the domain or site, and managing unused bookmarks.

Creating an audit disposition policy
An audit disposition policy specifies the criteria that are used to identify audit entries for disposition. One or more audit disposition policies can be specified for each object store.
Setting the audit disposition schedule
An audit disposition configuration consists of parameters that control how the disposition process is performed and an audit disposition schedule. The schedule specifies one or more time slots; each time slot defines a schedule for an audit disposition background task by specifying when the task starts and how long it runs. If the times of multiple time slots overlap, the overlapping time slots are effectively combined.
Managing auditing bookmarks
To support efficient operation of audit disposition, and to accurately process records in the audit log, an audit processing application must set bookmarks. A bookmark is a leave-off point in the audit log, which indicates the last record processed by the audit processing application. When an audit processing application ends a session, it sets its bookmark with an audit sequence number corresponding to the last record processed; when it later starts a new session, it retrieves its bookmark and resumes processing at the audit sequence number where it left off.
Managing the audit log size
If you have not enabled an audit disposition policy for the audit log, you can manually manage the size of the audit log by using a search template to retrieve and process audit entries. You can customize the provided sample search templates or you can create your own search template. You can delete or export audit entries based on factors such as the date the entry was created or the user who created the entry.