Managing the audit log size

If you have not enabled an audit disposition policy for the audit log, you can manually manage the size of the audit log by using a search template to retrieve and process audit entries. You can customize the provided sample search templates or you can create your own search template. You can delete or export audit entries based on factors such as the date the entry was created or the user who created the entry.

IMPORTANT Do not manually manage the size of the audit log if you have enabled an audit disposition policy for the audit log.

Audit events remain in the audit log even if the audited object is deleted. You can use the Content Engine Query Builder to find and delete these audit events. Also, the FileNet P8 software provides search templates for deleting and exporting these audit events.

The FileNet software provides search templates that perform the following actions. Before running one of the provided search templates, read its description to learn what it does, and also examine the search definition itself to fully understand the impact of running it along with its bulk operations.

You can find these search templates under the Saved Searches node in Enterprise Manager. You can also write your own bulk operation search templates, or you can modify the provided samples. See Search and bulk operations for more information about using search templates and bulk operations to manage the audit log.

To run a Content Engine-provided search that includes bulk operations

  1. In Enterprise Manager, select the Saved Searches node. (The searches that appear in the results pane are files with a file name extension of .sch that have been saved to the Content Engine location default_installation_path\SearchTemplates.)
  2. Right-click one of the saved searches and click Open.
  3. Run the search or search template. When the query is complete, Enterprise Manager displays the search result set, if there is one, under its Search Results node.