Audit log settings FAQ

Answers to frequently asked questions (FAQ) and related information provide insight into various aspects related to Control Room settings.

Do all Automation 360 deployments support retention of audit logs?
The option to retain audit logs is available only on On-Premises deployments. For Automation 360 Cloud Data Retention Policy, see Automation 360 Cloud FAQ.
Which all Automation 360 releases support audit log retention?
The Audit log retention option is available starting from the Automation 360 v.30 release.
Is audit log retention enabled when I update to the On-Premises release v.30 release or later?
The Audit log retention option is disabled (Do not purge) when you update to On-Premises release v.30 release or later. You can enable this option if required.

See Configure Settings.

Is audit log retention enabled when I install a new version of the On-Premises release v.30 release or later?
Audit log retention is enabled (Purge older than 15 months) when you install a new version of the On-Premises release v.30 release or later. You can disable audit log retention if required.

See Configure Settings.

How does audit log retention work?
  • When the option is enabled, all audit log entries are retained for a period of 15 months (5 quarters).

    After 15 months, all the entries are deleted.

  • When the option is disabled, all audit log entries are retained.
If the audit log retention option is enabled and if I later disable this option, what happens to audit log entries?
Audit log entries are not deleted from the time you disabled the retention option.
Can I change the duration for retaining audit log entries?
No, the duration cannot be changed. When the option is enabled, audit log entries older than 15 months are deleted.
How frequently are the audit log entries deleted?
Audit log entries older than 15 months (5 quarters) are deleted once every week (168 hours).
Are the audit log entries deleted immediately after the retention option is enabled?
Audit log entries are not deleted immediately. Audit logs that are older than 15 months are deleted after a week (168 hours) from the time the option was enabled. Subsequently, the deletion process is run every week.
Will I be able to recover the deleted audit log entries?
No, you cannot recover audit log entries that are deleted.
If there is a significant number of audit log entries, will they all be deleted?
Irrespective of the number or quantity of audit log entries, all entries older than 15 months (5 quarters) are deleted.
Will there be any impact if my configuration includes security information and event management (SIEM)?
  • If your SIEM implementation stores the audit logs on a separate server for data analysis, then there is no impact on the behavior.
  • If your SIEM implementation reads the data directly from the Control Room and if the Audit log retention option is enabled, audit logs that are older than 15 months are not considered in SIEM because such audit logs are deleted.
Will there be any impact if my setup has an audit log server integration?
As long as you store audit logs on your audit log server, there is no change in the behavior.