Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

CSP - How to purge logs from CSP Manager?

Created: 04 Feb 2013 | 4 comments

How do I manage/purge the logs from the management server?  The reporting is taking longer and longer as more events are recorded.  I am in the midst of modifying the "strict" policy and want to purge events after I install a new/modified policy.

Comments 4 CommentsJump to latest comment

freespirit's picture

1) dump transaction SCSPDB with no_log
2) truncate table dbo.CSPEVENT where EVENT_DT < (SELECT CONVERT(DATETIME, CONVERT(SMALLDATETIME, GETDATE(), 112)) - 3) 

For three days

Will V's picture

Hi George

Maybe you mean purge events from the SCSP database?  Try this;

Go to the admin page, then System Settings.  On the General settings tab are check boxes to purge events.  By default these are turned off.

Let us know if that helps.

Email me if you like.

 

 

Please mark posts as the solution if they solve your problem!

AMoss's picture

George -

 

Your problem is a common one and there is currently not an easy method to acheive what you desire.  The only purge option provided by CSP configuration is a event age driven option.  (eg Purge events older than 90 days).  This purge will delete all events older than the # of days specified.

Any other db 'pruning' must be done manually through SQL.  My suggestion would be to use a policy(s) that is specifically labeled(named) for tuning.  This way you can focus your pruning on ONLY events with the specified policy name.  This will negate the need for complex queries to identify tuning related events.

Looking for real-time reporting and data visualization for your Symantec Security solutions?  http://www.trysolve.com