- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
- About File Analysis
Setting up File Analysis
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
- About Endpoint DLP
Setting up Endpoint DLP
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload Reports
Setting up Cloud Protection
- Technician configuration
- Email configuration
- Notification filters
- Manage agent
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
Archive endpoint events
Audit data that is older than a specified time range can be cleared from the primary database, zipped, and archived. Archiving allows you to manage disk space and limit database growth.
The archive process only moves the data from the database to a secondary location; it does not delete the event data. You will still be able to generate reports and analytics for it by loading the archived events onto the console when necessary.
The archive process will happen automatically at user-specified intervals. The schedule runs at 2am to minimize disruptions to your environment.
Editing archive schedules
To view and edit the archive schedule configuration, follow the steps below.
- Log in to the DataSecurity Plus web console as an administrator.
- Select Endpoint DLP from the applications drop-down.
- Navigate to Configuration > Storage Management > Archive Events. The table will show various audit event categories, the size of data in each, the interval (in days) after which each will be archived, and the number of events that will be archived at the next scheduled archive.
- To modify the archive schedules for audit data, enter the number of days after which you want to run the schedule. You can schedule archival at different intervals—between one and 180 days—for each of the below event categories.
- Audit reports
- Email audit reports
- Printer audit reports
- Classification reports
You can also choose to run the schedule at any point between the configured intervals by clicking the Run Now option on the right side of the page.
Note: If the number of events in a category exceeds 3 million, then those events will be archived automatically, even if the specified interval has not been completed. This event archive schedule will run at 2am as well.
Modifying the archive location
The archives can be stored locally on the file server or on a shared drive.
By default, the archived event data will be saved to C:\Program Files (x86)\ManageEngine\DataSecurity Plus\apps\dataengine-xnode\data\archive\endpoint-audit.
To modify this, follow the steps below:
- Navigate to Endpoint DLP > Configuration > Storage Management > Archive Events.
- Provide the new path in the Archive Folder Location field.
Best practice: We recommend changing the archive location as infrequently as possible to enable easier management and ensure faster retrieval.