Support

Support for business applications

Kaspersky Unified Monitoring and Analysis Platform

User guide

Analytics

Working with alerts

Retention period for alerts and incidents

Kaspersky Unified Monitoring and Analysis Platform
Нет результатов
Knowledge Base Online Help
FAQ Solution overview Forum Contact support Product videos

Retention period for alerts and incidents

April 8, 2024

ID 222206

Get as PDF

Alerts and incidents are stored in KUMA for a year by default. This period can be changed by editing the application startup parameters in the file /usr/lib/systemd/system/kuma-core.service on the KUMA Core server.

To change the retention period for alerts and incidents:

  1. Log in to the OS of the server where the KUMA Core is installed.
  2. In the /usr/lib/systemd/system/kuma-core.service file, edit the following string by inserting the necessary number of days:

    ExecStart=/opt/kaspersky/kuma/kuma core --alerts.retention <number of days to store alerts and incidents> --external :7220 --internal :7210 --mongo mongodb://localhost:27017

  3. Restart KUMA by running the following commands in sequence:
    1. systemctl daemon-reload
    2. systemctl restart kuma-core

The retention period for alerts and incidents will be changed.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.