An audit disposition policy specifies the criteria that are used to identify audit entries for disposition. One or more audit disposition policies can be specified for each object store.
The criteria for selecting audit records for deletion is specified in a disposition rule. For example, you can create a rule to delete update events after three months.
You can also manage bookmarks on this tab. See Managing auditing bookmarks for more information about bookmarks.
To create an audit disposition policy
where
clause of a query expression.
For example, to delete events after three months, enter
IsClass(source, UpdateEvent) AND DateCreated < NOW() - TimeSpan(90,'days')
.
See SQL Syntax Reference for more information.
The properties referenced in a disposition rule are relative to the event object, not to the source object of the event. However, you can reference source object properties that are directly on the event object, for example, the source object class.