Audit management (dm_AuditMgt)

The Audit Management tool deletes audit trail entries. When an audited event occurs, an audit trail entry is created for that event. If the audit trail entries are not removed periodically, the tables for the dm_audittrail object type can grow quite large and performance degrades when audited events occur. The Audit Management tool automates the task of removing unnecessary audit trail objects.

The following table describes the arguments for the dm_AuditMgt job that can be modified.

Table 7.1. dm_AuditMgt arguments

ArgumentDescription
window_intervalDefines window, in minutes, in which the job can run.
queuepersonSpecifies the user who receives Inbox and email notifications from the job.
cutoff_daysSpecifies the age of the objects to delete. The default value is 90 days.
custom_predicate

The custom_predicate argument is applied to those items meeting the age requirement specified in the cutoff_days argument. By default, the custom predicate includes three conditions:

  • delete_flag=TRUE

    This condition cannot be modifed.

  • dequeued_date=value (value is computed using the cutoff_days argument)

    This condition cannot be modifed.

  • r_gen_source=1

    Directs the server to delete only audit trail objects generated by system-defined events. To remove only audit trail objects generated by user-defined events, change the value to 0. To remove audit trail objects generated by both system- and user-defined events, remove the r_gen_source expression from the custom predicate.

    You can also add other conditions (for example, event=approved) to the default custom predicate.

The Audit Management tool generates a status report that lists the deleted dm_audittrail entries. The report is saved in the /System/Sysadmin/Reports directory. The Audit Management tool is installed in the inactive state. The first time you execute the tool, it can take a long time to complete.