Using default audit aging

You can use the default audit aging mechanism to configure Time-to-Live (TTL), audit count limit, and disable default audit aging processes.

Using Time-to-Live (TTL) configuration

(TTL) is a value for the period of time that a packet, or data, should exist on a computer or network before being discarded.

Configuration to set TTL: atlas.audit.default.ageout.ttl.in.days

This configuration makes a final decision on how long the audit data can be retained in the database. This configuration is used by the Audit aging scheduler to delete all audit data when the audit data lifetime crosses the configured TTL. This configuration is applicable for all entity and audit action types.

By default only TTL will be configured for 90 days and no audit count will be considered.

As an example for TTL configuration usage, consider the following scenario::

You must maintain the entire audit data only for 40 days. The following configuration deletes audit data older than 40 days.

Using Audit count limit parameter

Configuration to set allowed: atlas.audit.default.ageout.count

Using this configuration limits audit data for each entity. Atlas deletes all old audit data exceeding the configured audit count for all entities. This configuration is applicable for all entity and audit action types.

As an example for Audit limit count configuration usage, consider the following scenario:

You must maintain only the latest 20 audits for any entity.

atlas.audit.default.ageout.count=20

Using Disable Default Audit Aging parameter

Configuration to disable default audit aging: atlas.audit.default.ageout.enabled

For all entities, the process is default aging. This process consumes more time and resources. Under certain circumstances, if you want to execute only custom aging or sweep out features for minimal data, using this property default aging can be disabled.

By default, default audit aging is enabled.