Data retention periods and retrieving historical data for audit

This article answers two questions auditors and administrators frequently ask:

How long does Nanitor keep logs and data?
How can historical data be retrieved for audit purposes?

Data retention periods

Nanitor performs automated data retention cleanup as part of its regular background maintenance task, which runs several times a day and processes data in small batches to avoid impacting performance. The retention periods below are applied automatically.

Data	Retention period	Notes
Activity log (audit trail)	3 years	Events such as logins, user changes, asset lifecycle changes, configuration/policy changes, and issue creation/resolution. Creation events tied to issues that are still open are retained until the issue is resolved, regardless of age.
Archived benchmark assignments	6 months	When a benchmark profile is unassigned from an asset, the assignment is archived. After 6 months it is removed along with its associated benchmark results, rule-check details, compliance results, and resolved issues. Active assignments are never affected.
Inactive (archived) assets	Configurable	Governed by your Nanitor Archival Policy.
Superseded / orphaned benchmark data	Routine cleanup	Detailed results that are no longer current are pruned to manage database growth. Current data is retained.

Note

Automated data retention cleanup was introduced in Nanitor 6.8.0. For the administrative detail and the manual cleanup commands, see Background Management Tasks.

Log file retention

This refers to the service and agent log files (used for troubleshooting), which are separate from the activity-log audit trail described above.

Cloud-hosted (SaaS): server log files are managed and retained by Nanitor as part of the hosted service.
Self-hosted: Nanitor server services write to /var/log/nanitor/ and ship with a daily logrotate configuration that keeps roughly 7 days of compressed logs. You can adjust this on your server by editing the relevant file under /etc/logrotate.d/.
Agent log files are stored locally on each asset — see Where does the Nanitor Agent store its logfiles?.

Retrieving historical data for audit

Nanitor provides several ways to review and export historical records.

Audit report

The compliance audit report is a printer-friendly view of compliance status at benchmark level — ideal for showing an auditor or creating a work list. It includes a date filter so you can produce the report as it stood at a point in the past. See How do I view the Nanitor audit report?.

Activity log (events)

The activity log is Nanitor's audit trail of system and user actions — including logins, user and configuration changes, asset and issue lifecycle events, and API-key usage. Activity-log entries can be filtered by date range and exported to CSV (this requires a role with reporting permission). For programmatic retrieval over a specific date range, the same events are available through the REST API (the activity_log endpoint supports date filtering).

Asset and issue exports

You can export the current inventory and issue history for evidence:

Full database backup

For point-in-time retention or longer-term archival beyond the periods above, take a database backup and store it according to your own retention policy:

Tip

If your compliance programme requires retaining audit records for longer than the built-in 3-year activity-log period, schedule periodic CSV exports of the activity log and/or regular database backups, and retain those artifacts in your own archive.

Summary

Question	Answer
Audit-trail (activity log) retention	3 years (open-issue creation events kept until resolved)
Archived benchmark assignment retention	6 months
Inactive asset archival	Configurable (archival policy)
Server log files	~7 days (self-hosted, `logrotate`); managed by Nanitor for cloud-hosted
Retrieve compliance history	Audit report with date filter
Retrieve action/event history	Activity log: filter by date, export to CSV, or via REST API
Longer-term retention	Periodic CSV exports and/or database backups