When are incidents deleted from the database?


Article ID: 159889


Updated On:


Data Loss Prevention Enforce


In the Enforce UI incidents are marked for deletion. On a regular basis another process purges the marked incidents from the database.


Please note - the steps in this article apply to DLP versions prior to 12.0. In DLP 12.5 and higher, the incident deletion process has changed, with many options available in the Enforce Manager console. Please see the relevant release of the DLP Administrator Guide for more details.


Incidents deleted within the UI are purged from the Oracle database on a regular interval.

The interval is controlled by the manager.properties


Both property values are milliseconds.

The delay value is how long after the Enforce starts that the first purge occurs.

The period value specifies how long after the first purge (and all subsquent purges) the next purge will occur.

The above values specify a delay of 6 hours before the first purge,

(6 hours * 60 min/hour * 60sec/min * 1000msec/sec  = 21600000 msec)

and a period of 24 hours.

(24 hours * 60 min/hour * 60sec/min * 1000msec/sec  = 86400000 msec)

If the Enforce Server is started at 5PM, the initial incident purge will occur 6 hours later, at 11 PM that day.  All subsequent purges will occur 24 hours later, or 11 PM every day.

NOTE:  Message components (attachments) are deleted when the related incidents are deleted.