CSP - How to purge logs from CSP Manager?
Created: 04 Feb 2013 | 4 comments
How do I manage/purge the logs from the management server? The reporting is taking longer and longer as more events are recorded. I am in the midst of modifying the "strict" policy and want to purge events after I install a new/modified policy.
Discussion Filed Under:
Comments 4 Comments • Jump to latest comment
1) dump transaction SCSPDB with no_log
2) truncate table dbo.CSPEVENT where EVENT_DT < (SELECT CONVERT(DATETIME, CONVERT(SMALLDATETIME, GETDATE(), 112)) - 3)
For three days
Hi George
Maybe you mean purge events from the SCSP database? Try this;
Go to the admin page, then System Settings. On the General settings tab are check boxes to purge events. By default these are turned off.
Let us know if that helps.
Email me if you like.
Please mark posts as the solutions if they solve your problem!
Will VanderLinden
ITS Partners
check this link
https://www-secure.symantec.com/connect/articles/h...
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
George -
Your problem is a common one and there is currently not an easy method to acheive what you desire. The only purge option provided by CSP configuration is a event age driven option. (eg Purge events older than 90 days). This purge will delete all events older than the # of days specified.
Any other db 'pruning' must be done manually through SQL. My suggestion would be to use a policy(s) that is specifically labeled(named) for tuning. This way you can focus your pruning on ONLY events with the specified policy name. This will negate the need for complex queries to identify tuning related events.
Looking for real-time reporting and data visualization for your Symantec Security solutions? http://www.trysolve.com
Would you like to reply?
Login or Register to post your comment.