Just bumping this thread, maybe someone will have some tips.
1 of 1 people found this helpful
Apologies, must have missed the original mail...
There's no way to achieve this, I'm afraid: auditing functions by design are hard-coded to prevent tampering. The only option available is to purge audit events.
That said, I would be very surprised if the audit log is taking up very much space in the database: compared to, for example, the threat events or update events tables, the audit log should be very much smaller. If controlling DB size is your goal I would suggest concentrating on those areas first.
In fact thats true, the audit log contains 4 times more events than client or threat event log, but this is cause by specific ePO configuration prepared for strictly controled mass deployment.
And now it seems that is time for reconfiguration to optimize ePO for day to day work.