Why is PAM retaining session recording entries for obsolete entries older than the purge policy setting?

Article ID: 118691

Products

- CA Privileged Access Manager - Cloakware Password Authority (PA)
- CA Privileged Access Manager (PAM)

Issue/Introduction

In one of our environments we configured a new session recording share. We are not interested in the old recordings anymore and didn't bother copying the old recording files over to the new share. We have a session recording purge policy configured to remove recordings older than X days. This works for the recordings created on the new share. But the Sessions > Session Recordings page continues to show entries for the old recordings that were written to the original share, even though they no longer exist.

Why does PAM not remove old entries in the Session Recordings table if the recording files are gone already?

Environment

PAM 3.4.X, PAM 4.0

Resolution

The purpose of the current PAM session recording purge implementation is to remove files on the session recording share that are no longer needed. It is not meant to remove entries in the session recordings table on the PAM appliance that point to files not found on the share. The session recording purge works as follows:

- Get the list of recording files stored in the PAM DB that are older than the number of days configured in the purge policy under Configuration > Logs > Session Recording.
- For each file in the list, see whether it is found on the recording share. If not found, move to the next file.
- If the file is found, delete it and delete the reference in the PAM DB, then move to the next file.

Session recording references therefore are deleted only if the files they point to were found and were deleted.
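The purge pass described above, modeled as an added example (this is not PAM's own code). The row shape, the function names, the file names and the dates are constructed for illustration. It shows why references to files that were never copied to the new share survive every purge run, and how to list those stale references.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class RecordingRef:
    """One session-recording reference in the DB (hypothetical shape)."""
    name: str
    created: date

def purge(refs, share, retention_days, today):
    """Model of the documented purge pass.

    refs  -- list of RecordingRef rows (stands in for the PAM DB table)
    share -- set of file names present on the current recording share
    Returns (remaining_refs, deleted_names); removes purged files from share.
    """
    cutoff = today - timedelta(days=retention_days)
    remaining, deleted = [], []
    for ref in refs:
        if ref.created >= cutoff:
            remaining.append(ref)      # not older than the policy: not a candidate
        elif ref.name not in share:
            remaining.append(ref)      # file not found: skip, the row stays
        else:
            share.discard(ref.name)    # file found: delete the file ...
            deleted.append(ref.name)   # ... and its DB reference
    return remaining, deleted

def stale_refs(refs, share, retention_days, today):
    """Names of rows past retention whose file is absent from the share."""
    cutoff = today - timedelta(days=retention_days)
    return [r.name for r in refs if r.created < cutoff and r.name not in share]

def demo():
    today = date(2024, 6, 1)           # constructed sample data throughout
    refs = [
        RecordingRef("old-share-a.rec", date(2024, 1, 10)),  # original share
        RecordingRef("old-share-b.rec", date(2024, 2, 1)),   # original share
        RecordingRef("new-share-c.rec", date(2024, 3, 1)),
        RecordingRef("new-share-d.rec", date(2024, 5, 25)),
    ]
    share = {"new-share-c.rec", "new-share-d.rec"}  # old files never copied
    remaining, deleted = purge(refs, share, 30, today)
    # A second run changes nothing: the stale rows are skipped again.
    remaining, deleted_again = purge(remaining, share, 30, today)
    stale = stale_refs(remaining, share, 30, today)
    return [r.name for r in remaining], deleted, deleted_again, stale, share

if __name__ == "__main__":
    print(demo())
```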

Future PAM releases may have an additional purge option to remove stale old file references, but as of PAM 4.0 this is not covered by the purge policy.

Additional Information

In a cluster environment, each node can have its own share. In this case, each node will only remove entries for files that are found on its own share.

When the recording storage is changed and PAM cannot find the associated file in the current storage, then the rows with missing files will stay in the database.