Enterprise-grade PowerShell solution for automated cleanup of LogRhythm Inactive Archive files (.lca) with secure credential management and production-validated reliability.
# Save credentials for network share access
.\Save-Credential.ps1 -CredentialTarget "NAS_PROD" -SharePath "\\server\share"# Dry-run (safe preview mode)
.\ArchiveRetention.ps1 -ArchivePath "D:\LogRhythmArchives\Inactive" -RetentionDays 456
# Execute deletion (15-month retention)
.\ArchiveRetention.ps1 -ArchivePath "D:\LogRhythmArchives\Inactive" -RetentionDays 456 -Execute
# Network share with saved credentials
.\ArchiveRetention.ps1 -CredentialTarget "NAS_PROD" -RetentionDays 1095 -Execute# Generate 4TB of properly aged test data on NAS
ssh qnap 'cd /share/LRArchives && ./generate_nas_balanced.sh 4096'- Production-Tested: 95,558 files (4.67 TB) processed with 0% error rate
- High Performance: O(1) memory usage with streaming mode, 10-20x faster scanning
- Secure Credentials: AES-256/DPAPI encryption with machine binding
- Safety First: Dry-run by default, minimum 90-day retention enforcement
- Enterprise Ready: Comprehensive logging, scheduled task support, parallel processing
- Windows Server 2016+ or Windows 10+
- PowerShell 5.1+ (PowerShell 7+ recommended)
- Administrative access to archive directories
# Clone repository
git clone <repository-url>
cd LRArchiveRetention
# For production deployment
Copy-Item -Path ".\*" -Destination "C:\LogRhythm\Scripts\LRArchiveRetention\" -RecurseFor detailed setup instructions, see Installation Guide.
| Metric | Value | Version |
|---|---|---|
| Files Processed | 95,558 (4.67 TB) | v2.3.21 |
| Scan Rate | 1,600 files/sec | v2.1.0+ |
| Delete Rate | 35 files/sec (network) | All |
| Memory Usage | 10 MB constant | v2.3.21+ |
| Parallel Speedup | 4-8x | v1.2.0+ |
See Performance Benchmarks for detailed metrics.
# Local path with progress
.\ArchiveRetention.ps1 -ArchivePath "C:\Archives" -RetentionDays 730 -ShowDeleteProgress
# Quiet mode for scheduled tasks
.\ArchiveRetention.ps1 -CredentialTarget "NAS_PROD" -RetentionDays 456 -QuietMode -Execute# Enable parallel processing (4-8x faster)
.\ArchiveRetention.ps1 -CredentialTarget "NAS_PROD" -RetentionDays 365 `
-ParallelProcessing -ThreadCount 8 -Execute# Interactive credential setup
.\Save-Credential.ps1 -Target "NAS_PROD" -SharePath "\\server\share"For complete command reference, see Command Reference.
| Guide | Description |
|---|---|
| Installation | Complete setup and deployment guide |
| Command Reference | All commands and parameters |
| Performance | Benchmarks and optimization |
| Credentials | Secure credential management |
| Test Data Generation | Generate properly aged test data |
| Scheduled Tasks | Automation configuration |
| CLAUDE.md | AI assistant context |
- CHANGELOG.md - Version history
- IMPROVEMENTS_TODO.md - Roadmap and known issues
- Technical Architecture - Codebase organization
- Dry-Run Default: Preview changes before execution
- Minimum Retention: 90-day hardcoded safety limit
- Single Instance: Prevents concurrent execution
- Audit Logging: Complete deletion records for compliance
ArchiveRetention.ps1 # Main retention engine
βββ Save-Credential.ps1 # Credential management
βββ ShareCredentialHelper.psm1 # Credential module
βββ CreateScheduledTask.ps1 # Task automation
βββ winrm_helper.py # Remote operations
- Pre-commit hooks for credential detection
- Machine-bound encryption keys
- Secure credential storage (DPAPI/AES-256)
- Comprehensive audit logging
See Security Setup for details.
| Period | Days | Use Case |
|---|---|---|
| 3 months | 90 | Minimum allowed |
| 15 months | 456 | Common production |
| 2 years | 730 | Compliance standard |
| 3 years | 1095 | Long-term retention |
- Check CLAUDE.md for detailed examples
- Review logs in
script_logs/ArchiveRetention.log - See Troubleshooting
- Use
-Verboseflag for detailed output
MIT License - See LICENSE file
Current Version: 2.3.21 | Updated: July 2025