By default, the existing data retention policies are set to a minimum of 90 days. Complete the following steps to change the minimum number of days to 1:
Login to the web console. Navigate to Administration > Storage > Events.
Under Data Retention, you will see 5 default policies created. Click Edit.
Change the Keep at least option from 90 days to 1 day.
Repeat the step for all the default policies.
A retention policy is created to segregate the event into multiple data partitions in order to enhance the server performance. The policy contains a filter that is used to identify the events for which the retention policy applies and the minimum and maximum number of days these events should be kept in the system.
Login to Change Guardian web console.
Navigate to Administration page. Click Storage > Events.
Under Data Retention, click Create to create a new policy.
Specify the following:
Policy name: Set a name for the policy.
Criteria: Set the policy as per the below criteria:
(estzhour:[0 TO 3])
Keep at least: Minimum number of days to retain the policy. Set the minimum number of days to 1.
Keep at most: Maximum number of days to retain the policy.
Repeat step 4 until you create multiple policies for 24 hours.
(estzhour:[4 TO 7])
(estzhour:[8 TO 11])
(estzhour:[12 TO 15])
(estzhour:[16 TO 19])
(estzhour:[20 TO 23])
Restart server service by running the command:
rcsentinel restart