7.3.3 Processing for Purging

The process for purging is as follows:

  1. Once you execute the run_alert_purge.sh script, the Alert Purge Utility generates a listing of the actions, matches, and alerts or cases that it must purge according to the rules specified at the command line, or the default rule set configured in the install.cfg file.
  2. After the script is executed, the actions, alerts, and cases are recorded in the <OFSAAI Installed Directory>/database/db_tools/logs/purge.log file.

    Note:

    • The utility presumes that you have determined the input parameters that specify which matches, alerts, and actions to purge. The utility does not check against the data to verify what it should purge.
    • To capture the SQL statements that the utility issues, set log.diagnostic=true in the install.cfg file.
  3. The utility then purges actions, then matches, then alerts, according to the contents of the KDD_AP_ACTION, KDD_AP_MATCH, and KDD_AP_ALERT tables.
  4. The utility captures the purging results and any errors in the purge.log file and in a report file named according to the convention Purge_<YYYYMMDD.HH.MM.SS>.txt.

    Note:

    The Alert Purge Utility purges data from the archive tables for erroneous alerts. Also, the system does not update the score and previous match count values associated with matches and alerts generated since the creation of the erroneous matches.
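The following is an added example, not part of the Oracle documentation or the utility itself, showing how to locate the report from the most recent purge run by parsing the documented Purge_<YYYYMMDD.HH.MM.SS>.txt naming convention; the directory listing is constructed, and the helper names are assumptions.

```python
import re
from datetime import datetime
from typing import Iterable, Optional

# Report files are named Purge_<YYYYMMDD.HH.MM.SS>.txt, as documented above.
REPORT_RE = re.compile(r"^Purge_(\d{8}\.\d{2}\.\d{2}\.\d{2})\.txt$")


def report_timestamp(filename: str) -> Optional[datetime]:
    """Return the run timestamp embedded in a purge report name, or None if the
    name does not follow the documented convention (stray files are ignored)."""
    m = REPORT_RE.match(filename)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y%m%d.%H.%M.%S")
    except ValueError:  # e.g. an impossible date such as 20240231
        return None


def latest_report(filenames: Iterable[str]) -> Optional[str]:
    """Pick the report from the most recent run, ordering by the timestamp in the
    name rather than by file mtime (which a copy or restore would reset).
    Returns None when no valid report exists, i.e. the run left no results."""
    dated = [(ts, f) for f in filenames if (ts := report_timestamp(f)) is not None]
    if not dated:
        return None
    return max(dated)[1]


# Constructed sample listing of <OFSAAI Installed Directory>/database/db_tools/logs
SAMPLE_LISTING = [
    "purge.log",
    "Purge_20240115.02.30.11.txt",
    "Purge_20240116.02.30.07.txt",
    "Purge_20240116.notes.txt",      # does not match the convention, ignored
    "Purge_20240231.02.30.00.txt",   # invalid date, ignored
]

if __name__ == "__main__":
    print(latest_report(SAMPLE_LISTING))  # Purge_20240116.02.30.07.txt
```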