In one of our environments we configured a new session recording share. We are not interested in the old recordings anymore and didn't bother copying the old recording files over to the new share. We have a session recording purge policy configured to remove recordings older than X days. This works for the recordings created on the new share. But the Sessions > Session Recordings page continues to show entries for the old recordings that were written to the original share, even though they no longer exist.
Why does PAM not remove old entries in the Session Recordings table if the recording files are gone already?
The purpose of the current PAM session recording purge implementation is to remove files on the session recording share that are no longer needed. It is not meant to remove entries in the session recordings table on the PAM appliance that point to files not found on the share. The session recording purge works as follows:
- Get the list of recording files stored in the PAM DB that are older than the number of days configured in the purge policy under Configuration > Logs > Session Recording.
- For each file in the list, see whether it is found on the recording share. If not found, move to the next file.
- If the file is found, delete it and delete the reference in the PAM DB, then move to the next file.
Session recording references therefore are deleted only if the files they point to were found and were deleted.
Future PAM releases may have an additional purge option to remove stale old file references, but as of PAM 3.2.X this is not covered by the purge policy.