Deleting old audit events from the local Gateway database
search cancel

Deleting old audit events from the local Gateway database

book

Article ID: 42874

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

Solution

Background

The CA API Gateway stores audit records in a local MySQL database container. These audit records contain information on administrative actions likes Policy Manager log-ins, system actions such as starting and stopping the Gateway, and message processing actions such as completed or failed messages. They can be a source of diagnostic data for troubleshooting or for providing an audit trail?for change and configuration?management systems. These audits may need to be maintained on a periodic basis based upon the size and quantity of the audit records that are generated.?

Presentation

The steps in this article will be of use if the following audit record or log message are recorded by the Gateway. This message indicates that a certain percentage of the Gateway database is consumed by audit records. If this message is present then this process should be executed:

WARNING 62 com.l7tech.server.audit.AuditArchiver: 2207: Audit Archive current database size 51% has reached and/or exceeded the soft limit of 50%.

If the Gateway is not accessible via the Policy Manager then an alternative article should be reviewed to forcefully remove audit records from the Gateway database. That article can be found here:?Audit Record Maintenance Without Downtime in Clustered Environment.

Resolution

Different variables will need to be taken into account when determining what constraints to use for selecting audit records to remove.?They include the:

  1. Audit record severity
  2. Presence of the request or response?messages
  3. Quantity of audit records being generated daily

Removing audit records is a destructive process and backing up existing audit records is recommended if they need to be maintained for regulatory compliance. The following procedure can be used to back up the existing audit records:

  1. Log in to the Gateway via the Policy Manager as an administrative user
  2. Select View or Monitor option from the main menu bar
  3. Select Gateway Audit Events
  4. Select File and?choose?Download All Audit Events to create an archive of the existing audit records
  5. Verify the proper receipt of the archive on a workstation or remote system
  6. Select File and choose?Delete Old Audit Events.

All audit records older than seven days will be removed. This threshold can be configured via the?audit.purgeMinimumAge cluster-wide property

Environment

Release:
Component: APIGTW