Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-05-2016 01:14 AM Edited on ‎03-30-2022 04:48 PM By Anonymous

Article Id 195584

Technical Note: [Accelops KB] How to purge, delete, remove, truncate events older than 'x' days

Description

Summary of Topic

This process describes how to purge events older than X days.  This applies only to the event db.

Steps

  1. Copy the attached purgeData.py script to the /tmp directory
  2. SSH to your accelops server
  3. Run 'su - admin'
  4. Run 'cd /tmp'
  5. Run 'python purgeData.py X'

 

Additional Information

Where X means to purge all the events prior to the most recent X days.  For example, if you have 300 days of data and you use 200 as a parameter, the script purge the oldest 100 days of events.

 

 Once copied to the /tmp directory, you may need to run dos2unix on the file to convert it to Linux format

dos2unix purgeData.py

Version Application

All

 

Preview file
2 KB
Labels:
2332
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.