Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  IMPERVA DAM : Audit Archive

    Posted 03-10-2026 13:55
    Edited by Mohammad Arif Khan 03-11-2026 02:48

    Dear All,

    I am currently working on configuring the audit archive, as the audit logs were previously being stored on the gateways due to the external storage being unavailable.

    Since the external storage was not configured earlier, the gateways are now reaching 100% capacity (please find the attached reference).

    I would like to seek guidance on configuring the audit archive so that audit logs older than two months are archived, while keeping the most recent one month of logs on the gateway.

    Additionally, I would like to confirm whether it is feasible to archive audit data based on a condition that only logs older than two months are archived. If this is possible, please also advise on how the purge process can be configured for the same duration.

    Thank you for your support.

    image


    #AllImperva
    #DatabaseActivityMonitoring

    ------------------------------
    Mohammad Arif Khan
    Engineer

    ------------------------------



  • 2.  RE: IMPERVA DAM : Audit Archive

    Posted 03-27-2026 05:39
    Edited by Somnath Shinde 03-27-2026 05:40

    In Imperva DAM, audit archiving is schedule-based, not condition-based.
    So, archiving only logs older than 2 months is not supported.

    Recommendation:

    1.Configure archive: Setup → Settings → Archive Settings

    2.Run archive job: Daily

    3.Configure purge: Admin → Maintenance → Audit Data Purge → 3/4 weeks as per storage capacity

    Last 30 days → kept on Gateway

    Older logs → archived and purged

    For 2+ months retention, keep data on external storage, not Gateway.



    ------------------------------
    Somnath Shinde
    Engineer
    ------------------------------



  • 3.  RE: IMPERVA DAM : Audit Archive

    Posted 03-30-2026 06:20

    Dear Somnath Shinde,

    Thank you, and I appreciate your response and clarification.

    Could you please also advise on the below scenario:

    • Currently, the gateways retain 3 months of historical data.
    • If I execute the archive task, it will archive all available data.
    • If a purge policy is then configured to remove data older than 1 month from the gateways, it would effectively delete 2 months of older data.

    My concern is regarding the subsequent archive cycle-will it re-archive the 1-month-old data that was not purged, or will it only process newly generated data?

    Could you please help clarify how this process works and suggest the best approach?

    Thank you for your support.



    ------------------------------
    Mohammad Arif Khan
    Engineer
    Federal Tax Authority
    ------------------------------

    Original Message


  • 4.  RE: IMPERVA DAM : Audit Archive

    Posted 03-31-2026 04:43

    Answer -:

    My concern is regarding the subsequent archive cycle-will it re-archive the 1-month-old data that was not purged, or will it only process newly generated data? - If  you configured external archive storage and sync with Imperva Audit Achieve job then it will consider your 01 month old data, along with your new audit data because Job schedule based on the audit logs timings and work accordingly.



    ------------------------------
    Shashank Mahendra
    Information Security Analyst
    Amdocs Inc
    SAINT LOUIS MO
    ------------------------------

    Original Message