When I archived records in auditing using below command then some of records are still present in _aud-audit-data table. Means records related to specific event-id were not deleted. I tried no. of times but records are still present in _aud-audit-data table. Some Event-IDs are 10100, 10101,10209,10600, 10601, 10500, 31998, 31999, 33151, 33169, 33170.
Command :- proutil dbname -C auditarchive -U userid-P passwd -directory directorypath
1. How do I archive records related to above event-ids. Is there any way ?
2. Above command creates .abd file. Is there any way by which it will not create .abd file if I dont want ?
Help would be appreciated.
Thanks!
For your second question - you can mention '/dev/null' as the output destination if you don't want .abd file
Eg:
proutil sports -C auditarchive -userid testuser -password testuser -directory /dev/null
For your second question - you can mention '/dev/null' as the output destination if you don't want .abd file
Eg:
proutil sports -C auditarchive -userid testuser -password testuser -directory /dev/null
Thanks for your suggestion. It is working fine.....