About alert purging
|Article:HOWTO63981|||||Created: 2011-12-20|||||Updated: 2011-12-20|||||Article URL http://www.symantec.com/docs/HOWTO63981|
Alert purging is a feature of Event Console that removes alerts from the database. Removal from the database is age-based. Age-based alert purging means that removal is based on the age of the alerts. Alert purging also lets you remove a target number of stored alerts and offers the enhanced function of purging unresolved alerts.
Age-based purging removes all alerts that are older than the specified number of days, which is calculated in 24-hour periods from the current time. Age-based purging removes old alerts regardless of their status or severity.
Target-number purging decreases the number of stored alerts by prioritizing the alerts that are based on age, status, and severity. When a target-number purge occurs, all resolved alerts that are older than the purge age are deleted first, from least to most severe. As soon as the number of stored alerts is less than the threshold, purging stops.
The "Do not purge unresolved alerts" function is enabled by default. If the threshold has not been reached when the purging is complete and you have disabled the "Do not purge unresolved alerts" function, unresolved alerts begin auto-resolving. Auto-resolved alerts are purged. If you have enabled the "Do not purge unresolved alerts" function, then purging is completed even if the threshold has not been met.
This purging process continues on the alerts that are newer than the specified purge age. Purging continues as long as needed to bring the number of alerts to less than the threshold. The system purges alerts by severity. Purging occurs in groups, not individually.
You can remove all the alerts from your database by first disabling the "Do not purge unresolved alerts" function. Then, you either set the target number of alerts to purge to zero (0) or set the age to zero days old for purging.
Article URL http://www.symantec.com/docs/HOWTO63981