How to groom the vulnerability table based on a specific date created value.

  • 7022176
  • 25-Oct-2017
  • 25-Oct-2017


Sentinel & later.


Vulnerability table grooming is not taking place as part of normal operations with Sentinel core. This issue should be handled as part of standard sentinel database operations.


1. Download the sp_delete_vuln_by_date.sql & file located under grooming.

NOTE: The files can also be obtained by contacting NetIQ Technical support
2. Copy downloaded files to the Sentinel core box. E.g. /home/novell Open putty/ssh client and navigate to folder.

NOTE: Confirm that the of the files is novell.novell and the files have execute permission.  If not use the chown and chmod commands update the files. 

E.g.  chmod +x myfile 

E.g.  chown novell.novell myfile

3. login as novell user  

E.g. su novell 

4. Login to psql.

E.g.  psql -h localhost  -U dbauser SIEM

5. Run the sql file

E.g.  \i /opt/novell/sentinel/bin/sp_delete_vuln_ext.sql

NOTE: It will create a new function in the db with the name public .esec_vuln_pkg_by_date_created

6. Once the function is successfully created, run the file.
7. Now follow the steps as usual to delete the Vulnerabilities.
8. When it prompts for “Type 1 to start cleanup, 2 for controlled cleanup (or 3 to cancel) =>”, enter 2.

9. Then enter the date from which vulnerabilities will be truncated in 'yyyy-MM-dd hh:mm:ss' format

E.g.  2017-10-17 12:00:00

10. Check the log and table to confirm that the tables have been groomed as per the date given.


Currently the vulnerability table grooming done as part of the script where it truncate all the data. There is no option to truncate a specific set of records.