FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Article Id 189647
Description

You can schedule purging, on a global level, for audit logs by clicking the Settings icon and opening the "System Configuration" page. On this page, in the Purge Logs section you can define the schedule for purging the Audit Logs. 

Once you have set up purging, the audit logs should be purged according to the schedule you have set up. However, sometimes the scheduled audit log purge functionality does not work and the audit logs do not get purged.


Solution

To resolve this issue, do the following:

  1. Go to Settings > System Configuration > System Fixtures > Schedule Management Playbooks and click the "AuditLog Cleanup" playbook to open it in the playbook designer.
  2. Click the Delete AuditLogs step to open this step and replace the text of its Body field with the following content:  
    {"uptoDate": {{arrow.utcnow().timestamp*1000 - vars.ttl_config.ttl*24*60*60*1000}} } 
    and then click Save.

  3. Click Save Playbook to save the changes to the playbook.
    Now, the scheduled audit log purge functionality should work and the audit logs should get purged.
