diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
new file mode 100644
index 0000000000000000000000000000000000000000..13ae7beea193c56220e458033dfe42f4adff28ba
--- /dev/null
+++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Cleanup Daemon for Oracle Incidents
+After=network.target
+
+[Service]
+ExecStartPre=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/incident/ -mtime 7 -delete
+ExecStart=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/trace/ -mtime 7 -delete
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+Type=simple
+
+### Security features
+# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#ProtectSystem=strict
+#ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+## RemoveIPC=true
+## PrivateMounts=true
+## MountFlags=
+## SystemCallFilter is a Whitelist!!!
+#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io
+#SystemCallErrorNumber=1337
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
new file mode 100644
index 0000000000000000000000000000000000000000..55df131553bc3a45080bab7a121eda22edad0087
--- /dev/null
+++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cleanup Daemon for Oracle Incidents
+
+[Timer]
+Unit=cleanup_oracle_incidents.service
+Persistent=true
+OnCalendar=daily
+
+[Install]
+WantedBy=default.target
+
diff --git a/tasks/oracle/install_cleanup_jobs.yml b/tasks/oracle/install_cleanup_jobs.yml
new file mode 100644
index 0000000000000000000000000000000000000000..82f9a81cf1c8b345b32741a3798c7530b4cfb45f
--- /dev/null
+++ b/tasks/oracle/install_cleanup_jobs.yml
@@ -0,0 +1,20 @@
+---
+- name: deploy SystemD cleanup units
+  ansible.builtin.copy:
+    src: "usr/local/lib/systemd/system/cleanup_oracle_incidents.{{ item }}"
+    dest: "/usr/local/lib/systemd/system/"
+    mode: "0644"
+  loop:
+    - "service"
+    - "timer"
+
+- name: enable & start SystemD cleanup units
+  ansible.builtin.systemd:
+    name: "cleanup_oracle_incidents.{{ item.n }}"
+    enabled: "{{ item.e | default(true) }}"
+    state: "{{ item.s | default('started') }}"
+    daemon_reload: true
+  loop:
+    - n: "service"
+      s: "stopped"
+    - n: "timer"
diff --git a/tasks/oracle/main_oracle.yml b/tasks/oracle/main_oracle.yml
index afbe4e36bf276461f0ba7d0999aa31683492ef96..f8821df2aec2bd4c32d0efcbf9e689d6ce39cdd9 100644
--- a/tasks/oracle/main_oracle.yml
+++ b/tasks/oracle/main_oracle.yml
@@ -21,3 +21,6 @@
 - name: configure logrotate
   ansible.builtin.import_tasks: "oracle/configure_logrotate.yml"
   tags: [oracle, logrotate]
+- name: install cleanup jobs
+  ansible.builtin.import_tasks: "oracle/install_cleanup_jobs.yml"
+  tags: [oracle, cleanup, log, alertlog]