7.4.4.3 Processing for Purging

The process for purging is as follows:
  1. Once you execute the run_alert_purge.sh script, the Alert Purge Utility generates a listing of actions, matches, and alerts or cases that it must purge according to the rules specified at the command line, or the default rule set configured in the install.cfg file.
  2. After the script is executed, the actions, alerts, and cases are recorded in the <OFSAAI Installed Directory>/database/db_tools/logs/purge.log file.

    Note:

    The utility presumes that you have determined the input parameters to specify what matches, alerts, and actions to purge. The utility does not check against the data to verify what it should purge.

    To capture the SQL statements, set log.diagnostic=true in the install.cfg file.

  3. The utility then purges actions, then matches, then alerts, according to the contents of the KDD_AP_ACTION, KDD_AP_MATCH, and KDD_AP_ALERT tables.
  4. The utility captures purging results and any errors in the purge.log file and in a report file (having the naming convention Purge_<YYYYMMDD.HH.MM.SS>.txt).

    Note:

    The Alert Purge Utility purges data from archive tables for erroneous alerts. Also, the system does not update score and previous match count values associated with generated matches and alerts since creation of the erroneous matches.
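
Because the utility does not verify what it is told to purge, the log and report files are the only record of a run. The following shell functions are an added example, not part of the product or of this guide: they check that log.diagnostic is enabled before a run and confirm afterwards that a new Purge_<YYYYMMDD.HH.MM.SS>.txt report exists. The function names, the key=value layout of install.cfg, and the report directory passed by the caller are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle code). Assumptions: install.cfg holds key=value
# lines; the report directory is supplied by the caller.

# diag_enabled CFG -> 0 if the last active log.diagnostic line is "true",
# 1 if it is absent or set to anything else, 2 if CFG is unreadable.
diag_enabled() {
    [ -r "$1" ] || return 2
    val=$(sed -n 's/^[[:space:]]*log\.diagnostic[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "true" ]
}

# latest_report DIR -> prints the newest well-formed report name (the
# timestamp in the name sorts lexicographically); prints nothing if none.
latest_report() {
    d='[0-9][0-9]'
    for f in "$1"/Purge_*.txt; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            Purge_$d$d$d$d.$d.$d.$d.txt) printf '%s\n' "${f##*/}" ;;
        esac
    done | LC_ALL=C sort | tail -n 1
}

# new_report_since DIR PREV -> prints the newest report only if it is later
# than PREV (the name recorded before the run); fails otherwise.
new_report_since() {
    now=$(latest_report "$1")
    [ -n "$now" ] && [ "$now" != "$2" ] || return 1
    top=$(printf '%s\n%s\n' "$2" "$now" | LC_ALL=C sort | tail -n 1)
    [ "$top" = "$now" ] && printf '%s\n' "$now"
}

# Constructed demo data (not real utility output).
demo=$(mktemp -d)
printf '#log.diagnostic=true\nlog.diagnostic=false\n' > "$demo/install.cfg"
: > "$demo/Purge_20240105.23.59.01.txt"
: > "$demo/Purge_20240106.00.00.07.txt"
: > "$demo/Purge_notes.txt"
diag_enabled "$demo/install.cfg" || echo "log.diagnostic is not true: SQL statements will not be captured"
echo "latest report: $(latest_report "$demo")"
rm -rf "$demo"
```

Record the output of latest_report before running run_alert_purge.sh and pass it as PREV to new_report_since afterwards; a failure means the run left no new report to review.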

Automatic Restart Capability

The Alert Purge Utility has an automatic restart capability: if purge processing is interrupted, it resumes at the point of interruption, regardless of the input parameters. The system documents log information about the interruption in the <OFSAAI Installed Directory>/database/db_tools/logs/purge.log file. Otherwise, any restart that has not progressed to the purge component behaves as a new processing run.

The restart capability allows interrupted purges to resume at a convenient point, but is unable to execute all desired input parameters.