How to modify the period of time auditing events are retained

  • Article ID: 118827
  • Updated: 30 May 2013

By default, auditing events are retained for a period of two years after which they are automatically purged. This can be modified to a period of time more suited to your environment and requirements.

Known to apply to the following Sophos product(s) and version(s)

Enterprise Console 5.2.1
Enterprise Console 5.2.0

What To Do

As an administrator, execute the following command on the computer hosting the Enterprise Console database component.

sqlcmd -E -S .\sophos -d SophosSecurity -Q "UPDATE dbo.Tables SET HistoryLengthInMonths=36"


  • This is a one line command.
  • It assumes in this example that you are using a local sophos named SQL Server instance.  For more details on establishing the SQL Server instance name in use see article: 113030.
  • The above command will modify the default period of 24 months (2 years) to 36 months (3 years) and should be adjusted as required. The period of time must be configured in months.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent