Using custom audit aging
For additional flexibility to manage audit data, the custom audit aging mechanism is used to contrive the configuration of TTL and limit audit event count which is based on entity or audit action type.
Custom audit aging encompasses both default aging and Sweep out options available throughout the audit data ecosystem.
Supported custom aging configurations
- atlas.audit.custom.ageout.entity.types=<List of entity ypes>
atlas.audit.custom.ageout.action.types=<List of audit action types>
Using these configurations, Atlas limits (with audit count) or age-out (with TTL) audit data for the configured entity and audit action types.
Custom audit aging configurations are categorized using the following use cases:
Example: Limit to five latest audits for hive_column.
|By Action Type||
Example: Delete all ENTITY_UPDATE audit events older than ten days.
|Limited audit by Action type for specific entity type||
Example: Limit to five latest ENTITY_UPDATE audits for hive_storagedesc entities.
Example: Limit to five latest audits created in last 1 week for hive_db entities