question

Hi @Kawa1 ,

Per my understanding, if the timer job is set monthly, and the number of days of audit log data to retain is 10:

At Feb 28th, you could go to CA>Monitoring>Timer Jobs>Check job status>Job history to check if the Audit Log Trimming timer job of the web application has already run.

If yes, then you could only see the data from 2.18-2.28(10 days as you set) when you click the "Audit log reports" in Site settings, and the other data will be stored in sites/〇〇〇〇/Documents.

If no, then you could see the data directly in the "Audit log reports" and there will be no excel in sites/〇〇〇〇/Documents.

==============================
In fact, as the post you mentioned, the number of days of audit log data to retain determines how long the log will be kept in the AuditData table in the SQL server.

The data in the Audit log will be stored in the AuditData table in the database, and the increase in data will reduce performance.

So if you set up data storage for 10 days, the audit log will leave the data of the previous ten days, and the data more than 10 days will be deleted from the database, and at the same time, excel(the data more than 10 days) will be generated to the specified library according to your instructions.

You can check them both. This storage method will save space and improve database performance.

================Update1===================
I did a one-day test,take deleting List as an example:

My settings:

=====
02/10/2021
11:13 Delete List 222.
15:50 Delete List 333.
02/11/2021
13:15 Check Site settings>Audit log report>Deletion,we can see both List 222 and 333:

13:22 After the timer job ran,we can see that the data deleted from list 222 one day ago has been automatically generated and appears in the Library:


When checking Site settings>Audit log report>Deletion again, we can only see list 333 and list 222 disappeared:

Check the table AuditData in SQL,we can only see List 333, because list 222 has been deleted from SQL and it is stored in the library you set:

If you configure Site collection audit settings at Feb 5th,then the data will be recorded from Feb 5th.
If you set 35 days, then the data of the 35 days before the timer job runs will be kept in the Library. However this also depends on the situation, depending on how much data is left after your last timer job was run. If there are only 30 days of data left, then there are only 30 days of data.

===================Update2=================
For your questions:
1&2)We don't need to manually run this timer job, as long as we set the time, it can run automatically.
For example, if I set the timer job to run automatically on 02/17/2021 8AM:

3&4)According to my understanding, if the 31st of each month is set, this timer job will run in the last 1 to 2 days of each month. The specific situation still needs to be judged according to the actual operation of the timer job. We will need more time to confirm the behavior of timer job in different situations.

If the timer job to run at 2AM March 31st, then the data which is from March 5th to March 31st(2AM) will be kept in the library.
Then, the data which is from 2AM 31st to April 30th will be kept in the library on April 30.

In addition, the running time of the Timer job sometimes has a deviation of one to two days, so it needs to be judged based on the actual operation of the Timer job.

===============Update3=============
I did a test in my end:
Settings:
✓Automatically trim the audit log for this site? Yes
✓Optionally, specify the number of days of audit log data to retain: 1
✓If you'd like to keep audit data for longer than this, please specify a document library where we can store audit reports before trimming occurs: /sites/〇〇〇〇/Documents,

When check the Timer job:

---

If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

[10]: /answers/storage/attachments/72750-sp2013-1.jpg

Hi Elsie Lu, thank you for explaining in detail.I'm afraid that I'm still not sure what you are saying.
Would you advise how I can go to CA?
I guess I'm not at the administration organization, so I have no right to have access to CA.

If I don't have the permission at this moment, I will talk to Administration staff in my company.
Before talking to the staff, let me clarify the following questions.

1)How can we check if the Audit Log Trimming timer job of the web application has already run or not.
Can we see the comments like "running" at the page"Job history"?

2) If admin staff don't permit to change the status from not running to running because the data is getting too heavy, can't we stock the data automatically? I mean, If I would like to collect the audit log ,let's say,for 1 year, I need to get the data directly and manually every at the end of the month because audit log is automatically trimmed every 30 days?
Moreover, I guess the timing which is automatically trimmed is not always the final day of the month,right? If so, I need to get the data everyday during let's say, 28-31 of every month because I don't know when the data is automatically trimmed. I'm still not sure I can get the data perfectly by doing so. Would you tell me how to keep getting the audit log perfectly.(if it's automatic, it will be appreciated)

2) If admin staff permit to change the status from not running to running, will the audit log will be stocked every 10 days,if the number of days of audit log data to retain is 10?

3)You mention "If yes, then you could only see the data from 2.18-2.28(10 days as you set) when you click the "Audit log reports" in Site settings, and the other data will be stored in sites/〇〇〇〇/Documents."
in this case, "the other data" is the data which is from when to when?

My apologies on long sentences. Please let me know what you think about that.

Hi Elsie Lu.
I confirmed that the Audit Log Trimming timer job is running as follows.

This timer job is scheduled to run: Monthly,
By date: starting every month between 2AM on the 31st and no later than 2AM on the 31st

so, if in my section setting is following,
✓Automatically trim the audit log for this site? Yes
✓Optionally, specify the number of days of audit log data to retain: 35
✓If you'd like to keep audit data for longer than this, please specify a document library where we can store audit reports before trimming occurs: /sites/〇〇〇〇/Documents,

does this means that ,let's say, when the audit log is trimmed automatically at 2am on March 31st the audit log which is from March 1 to March 31 will be stored in "/sites/〇〇〇〇/Documents" as Excel file?

In addition, As you said, does it mean I can collect the audit log which is from February 24 to March 31 by "audit log report" because setting about retaining is 35days?
I'm not sure on it because just right now I got the data, but this data is just from 2am January 31 to present. My understanding is that if you are correct, should be this data from January 6 to present?

Moreover, admin staff mentioned that even if I set up "setting" as follows in my section, if CA set monthly trimming as above, your setting was overwritten by CA, it means that your setting is not effective. He is not sure about it. Would you advise if this is correct or not?

✓Automatically trim the audit log for this site? Yes
✓Optionally, specify the number of days of audit log data to retain: 35
✓If you'd like to keep audit data for longer than this, please specify a document library where we can store audit reports before trimming occurs: /sites/〇〇〇〇/Documents,

Thank you.

One more quick question!
in my case of CA setting above, If there is no 31st in the month, when is it automatically trimmed?
Let's say in Feb. there is no 31st, when is it automatically trimmed?
Thank you.

Hi, Elsie Lu.

Noted yours. If I can get your reply by the end of this week, it will be appreciated. Thank you.

Thank you for the reply. Please let me confirm your answer.

1)As long as the timer job is set as attache image above, the timer job runs automatically,right? I mean, I don't have to make it run manually,right?

2) In addition, in my setting above, the timer job runs every 2am 31st of the month, right?

3)In my case of CA setting above, If there is no 31st in the month, when is it automatically trimmed?
Let's say in Feb. there is no 31st, when is it automatically trimmed?

4) If I set 35days at March 5th, then when will the data be kept in the library next time? and this data is from when to when?

My understanding is that the data which is from March 5th to March 31th will be kept in the library on March 31 at 2am.
Then, the data which is from March 25th to April 30th will be kept in the library on April 30 at 2am.
Is my understanding correct?

If possible, would you kindly e-mail me? I would like to explain what I'm worried about.

Hi Elsie Lu. I'm afraid that I need to get the confirmation by tomorrow because of my work. If possible, could I get your answer by tomorrow?
Thank you.

Hi Elsie Lu. Thank you for your reply. I'm afraid that I couldn't find update2 section. Would you kindly tell me where it is?

Thank you for the reply.
I understand. Let me ask one more question.

In timer job setting of my section (see the screenshot above),
it says that Last run time is NA.
I would like to believe this is because I haven't set the audit log trimming as follows before.
Is my understanding correct?

Now My section's setting at "audit log trimming" is following:
Automatically trim the audit log for this site? Yes
Optionally, specify the number of days of audit log data to retain: 10
If you'd like to keep audit data for longer than this, please specify a document library where we can store audit reports before trimming occurs: /sites/〇〇〇〇/Documents

Does it means that the end of this month Job timer will run, and the audit data will be kept in specific library where I set?
As a result of it, Will "Last run time" show the actual data such as February 28th 2:00am or something like that automatically, you think?

Appreciate your help.