Using stored password
To use stored password and avoid plaintext password in the purge script, try following steps,
1. Create stored password MySQLAdminPwd in policy manager, ensure "Permit use via context variable reference" option is checked
2. Publish the attached policy getPwd-1.0.xml, ensure the resolution path is /getPwd
3. In audit_purge.sh
comment out the line:
un-comment the line:
#DBPWD=`/usr/bin/wget -O- -q --no-check-certificate https://localhost:8443/getPwd?p=dbadminpwd`
4. (Optional )to test if the getPwd service and stored password is configured properly, run the command on gateway server:
/usr/bin/wget -O- -q --no-check-certificate https://localhost:8443/getPwd?p=dbadminpwd
It should show the password of the stored password MySQLAdminPwd
Cron job example
To edit cron job,
0 23 * * * /opt/SecureSpan/Appliance/bin/audit_purge.sh -v -p > /tmp/audit_purge.log
It runs audit purge daily at midnight(11pm).
1. database batch jobs will always impact the DB performance, so the cron job should be always scheduled at non-business hours.
2. the more frequent of the purge job, the time it needs will be less for each time, so daily job should be a good idea, or weekly job at weekend.
3. NOTE, the first time of purge could take long time, hence the gateway might look like outage, recommend to run first purge manually at a scheduled time window.
(by default, it only purges 5000 records each time, so specify the -l option for the first time of purge. Or run it few times)