Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Autoremove Data

Autoremove Data provides a mechanism to automatically manage the large amount of data that Snare Central is capable of collecting. Snare administrators can establish scheduled deletion tasks based on data age, log type, log name or agent.

Standards like PCI DSS have minimum time retention on logs, and the Autoremove Data capability allows automatic purging of Snare data after a defined period of time. This feature is flexible enough to support different log data aging criteria for different types of data or different sources of the data (agents).


When configuring this functionality the administrator will be able to list, create, delete, modify and schedule 'autoremove' tasks. Snare Central support up to 100 auto-remove tasks.

The following criteria are available:

  1. Agent: files associated with this Agent match term
  2. Date: files associated with this Date match term
  3. LogType: files associated with this Log Type match term
  4. All: Remove all files that meet the defined age criteria.


A Test button is provided for testing the matching and age criteria upon the actual Snare data showing a list of files that will be affected by the task.

A list of deleted files will be logged in the Snare Log file after a successful execution, along with any notifications as a result of problems with the removal process.

Remove Data

The Remove Data pageĀ  provides the ability to remove data by date, log type or agent.



Selecting a date (or range of dates), will update the Log Type Selection column, to display a list of log types that are available for the chosen date(s). Choosing a log type will update the list of agents that are available for the chosen log types and dates.

Once you are satisfied with your selection, clicking the Remove the selected data button will start the process of removing the actual underlying files, and regenerating the metadata associated with those particular dates, log types and agents.

It may take up to 15 minutes for the changes made by the file removal process to reflect in the list of dates/log types and agents displayed on this or any other pages that rely on the Snare Central metadata subsystem.




  • No labels