The database purge utility is installed as part of the Web Reports feature and can be found in the "Database Wizards" subfolder of the EventSentry installation folder.
Required Options
<SYSTEM DSN> / <ACTION> | A System DSN pointing to the EventSentry database. If EventSentry is installed on the same machine where you are running es_db_purge.exe, you can specify the name of the EventSentry action instead of the DSN name.
<FEATURE> | When purging records with this utility, you need to indicate the feature (e.g. EventLog or Performance) from which to delete the data. See below for a list of available features; you may only select one feature at a time.
<DAYS/HOURS> | Purge records that are older than the specified number of days (default) or hours. Specify days by appending a "d" to the number, or hours by appending an "h" to the number.
<USER> | Specify a user that has permissions to purge data.
<PASS> | Password of <USER>.
Optional Options
/count | Shows how many records will be deleted.
/test | Don't actually purge data, only show how many records would be affected.
/shrinkdb | Shrink the database (MSSQL only) after the purge.
/shrinklog | Shrink the database log files (MSSQL only) after the purge.
/shrinkindexes | Shrink indexes (PostgreSQL only) after the purge; may require significant amounts of temporary disk space.
/log:<FILENAME> | Log all performed actions to a log file.
/host:<HOSTNAME> | Only delete data logged by HOSTNAME. When specified, does not remove NetFlow or ADMonitor data.
/utc | Data in the database is written with UTC timestamps. This is detected automatically when passing an action name.
On Windows Vista and later, the purge utility needs to be executed from an elevated command prompt ("Run as Administrator") if it references an EventSentry action. |
Examples
1. Purge all data from the "Primary Database" older than 90 days
es_db_purge.exe "Primary Database" AllTables 90d postgres postgrespw
2. Purge all event log data from the "Archive Database" action which is older than 366 days
es_db_purge.exe "Archive Database" EventLog 366d postgres postgrespw
3. Determine how much Syslog data is older than 30 days
es_db_purge.exe "Primary Database" Syslog 30d /test postgres postgrespw
4. Delete event log data only from host DC03 older than 90 days
es_db_purge.exe "Primary Database" EventLog 90d /host:DC03 postgres postgrespw
Schedule
We recommend that you schedule the utility, for example through the EventSentry application scheduler (or the Windows task scheduler), to run on a regular basis at least every month. This ensures that your database does not accumulate unnecessary data.
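A scheduled run can apply a different retention period per feature and default to a /test dry run. The PowerShell wrapper below is an added example, not part of the EventSentry documentation or product; the paths, the credential file, the `-Commit` switch and the retention values are assumptions, while the flags, feature names and argument order are taken from this page.

```powershell
# Added example, not EventSentry's own script. Paths, file names and retention
# values are placeholders/assumptions; flags and feature names are the page's.
param(
    [string]$PurgeExe = 'C:\<EventSentry install folder>\Database Wizards\es_db_purge.exe',
    [string]$Target   = 'Primary Database',   # action name (or a System DSN)
    [string]$CredFile = 'C:\<secure folder>\es_purge_cred.xml',
    [string]$LogDir   = 'C:\<log folder>',
    [switch]$Commit                           # omit to run every purge with /test
)

# Constructed retention policy: feature name -> age threshold (<n>d or <n>h).
$Retention = [ordered]@{
    Performance      = '30d'
    Syslog           = '90d'
    EventLog         = '366d'
    LogonAuthFailure = '366d'
}

# Referencing an action name requires an elevated session (see above).
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run elevated when the target is an EventSentry action.' }

# Credential saved once, by the account the task runs as, with:
#   Get-Credential | Export-Clixml $CredFile
# Export-Clixml protects the password with DPAPI (same user, same machine only).
# The utility still receives the password as a command-line argument.
$cred = Import-Clixml -Path $CredFile
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

foreach ($feature in $Retention.Keys) {
    $age = $Retention[$feature]
    if ($age -notmatch '^\d+[dh]$') { throw "Bad age '$age' for $feature" }

    # One log file per feature and day, written by the utility's /log option.
    $log  = Join-Path $LogDir ("es_db_purge_{0}_{1:yyyyMMdd}.log" -f $feature, (Get-Date))
    $opts = @("/log:$log")
    if (-not $Commit) { $opts += '/test' }

    # Argument order follows the examples above: options precede user and password.
    & $PurgeExe $Target $feature $age @opts $user $pass
}
```

Run it once without `-Commit` and review the reported record counts before scheduling it with `-Commit`.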
The following table explains all supported feature names. You can also use the AllTables keyword to purge data from all tables.
Feature Name | Explanation
EventLog | Event log records
Diskspace | Disk space data
Performance | Performance data
ProcessTracking | Compliance: Process tracking data
LogonTracking | Compliance: Console Logon tracking data
PrintTracking | Compliance: Print tracking data
HeartbeatHistory | Heartbeat history
HeartbeatPing | Heartbeat ping history
ServiceHistory | Service history
SoftwareHistory | Software history
EnviroTempHumid | Temperature and humidity (if available) data
EnviroMotion | Motion data
Nessus | Nessus data
Syslog | Syslog data
Snmp | Snmp data
FileMonitoring | File Change monitoring data
LogFileDelimited | Data from delimited log files
LogFileNondelimited | Data from non-delimited log files
FileAccess | File Access Tracking data
RegistryTracking | Registry tracking data
UptimeHistory | Uptime history
ActionHistory | Action trigger history
ReportHistory | Report history
AccountMgmtUser | Compliance: Account Management Tracking (Users)
AccountMgmtGroup | Compliance: Account Management Tracking (Groups)
AccountMgmtComputer | Compliance: Account Management Tracking (Computer)
LogonAuthFailure | Compliance: Network Logon (Failure)
LogonAccountAuth | Compliance: Network Logon (Domain Account Authentication)
LogonByType | Compliance: Network Logon (Logon By Type)
PolicyChange | Compliance: Policy Change Tracking
LargeFiles | Disk Space data (large files only)
ScheduledTasks | Scheduled Tasks inventory data
NetFlow | NetFlow data
ADMonitor | ADMonitor object changes
ADMonitorGroupPolicy | ADMonitor group policy changes
SysmonNetwork | Sysmon network data
ValidationScripts | Validation script data
PermissionStatus | Permission Inventory data