Configure retention period for audit records

Audit records can be retrieved and searched using the CipherTrust Manager. You can query these records, but their availability depends on the configured retention period, after which they are deleted.

It is advised to update the audit policy for missing or deleted key issues.

A valid value must be a multiple of 24 hours.

Before you begin 

Generate a certificate signing request

Procedure: Set the Loki configuration retention period

  1. Open ksctl tool as Administrator.

  2. Navigate to the folder location where Loki audit logs are available.

  3. Execute the command:

    ksctl loki config modify --retention-time "<desired_retention_time>".

    For "<desired_retention_time>", the recommended value is 365 days x 24 h = 8760.

What to do next 

Key creation, key names, and rotation rules

Related topics 

CipherTrust Manager Administration