Is there a way to archive the syslogs?

I am not sure if I am in the right place so feel free to move my question if I am in the wrong queue.  I currently upgraded SolarWinds to version 2020.2.1 and added the Orion Log Viewer addon.  Our Network team is asking if the syslogs can be archived for 7 years, which is an IRS regulation.  Right now they are using a dedicated Splunk server to do it and wanted to see if there is a better way with SolarWinds.  Does anyone know of a process for doing this?

  • Kiwi and Orion are both not really designed to handle that kind of retention period except in a very small environment, but it is possible with SEM.  Your situation may vary, but the cost to stand up an appropriately sized SEM instance is potentially in the same ballpark as their Splunk server, since they are both SIEM tools and compete in the same space.  

    As a really low-budget solution you can have Kiwi take its log files and dump them into a SQL database and do the reporting from there, but just having a giant single-table DB with everything in it is probably not going to be very fast/efficient when the time comes to actually look things up.  That sort of scalability and compression is what makes SIEM tools valuable.

  • That depends on your requirements.  If they just need to be saved to disk most tools should be able to handle that.  We use Kiwi for this.

    If they need to be searchable you would need to look at other tools or services, Splunk, Loggly, Elasticsearch, etc.
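Both answers above come down to the same two pieces: write the raw lines somewhere durable, and keep them searchable for the retention window. The script below is an added example (it is not Kiwi, Orion, SEM or Splunk code, and the function and host names are hypothetical) showing what the "dump it into a SQL database" route needs to avoid the single-table slowdown the first answer warns about: a parsed table with indexes on time and host, a gzip-compressed and SHA-256-hashed copy of each day's raw lines for cold storage, and a retention cutoff that handles the leap-day edge case. The syslog lines are constructed.

```python
"""Added example: archive syslog lines into SQLite with lookup indexes, keep a
compressed and hashed per-day copy, and count rows past a retention period.
Not Kiwi/Orion/SEM/Splunk code; names are hypothetical, sample lines constructed."""
import gzip
import hashlib
import re
import sqlite3
from datetime import datetime, timezone

# Constructed BSD-style (RFC 3164) syslog lines; hosts and addresses are made up.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw-edge-1 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.7",
    "<13>Oct 11 22:14:16 sw-core-1 sshd[1201]: Accepted publickey for admin from 192.0.2.10",
    "<30>Oct 12 01:02:03 sw-core-1 config: configuration saved by admin",
    "garbled line with no priority field",
]

# <PRI>MMM DD HH:MM:SS HOST MSG; the RFC 3164 timestamp carries no year.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)

SCHEMA = """
CREATE TABLE IF NOT EXISTS syslog (
    id INTEGER PRIMARY KEY,
    ts TEXT NOT NULL,          -- ISO 8601 in UTC, so string order equals time order
    host TEXT NOT NULL, facility INTEGER NOT NULL, severity INTEGER NOT NULL,
    msg TEXT NOT NULL,
    raw TEXT NOT NULL          -- untouched original line, kept as the evidence copy
);
-- Without these, every "what did host X log in month Y" query scans the whole table.
CREATE INDEX IF NOT EXISTS syslog_ts ON syslog(ts);
CREATE INDEX IF NOT EXISTS syslog_host_ts ON syslog(host, ts);
"""


def parse_line(line, year=2020):
    """Split one syslog line into fields; return None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))  # PRI = facility * 8 + severity
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts.replace(tzinfo=timezone.utc).isoformat(), "host": m.group("host"),
            "facility": pri // 8, "severity": pri % 8, "msg": m.group("msg"), "raw": line}


def open_archive(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def ingest(conn, lines, year=2020):
    """Insert parseable lines; return (inserted, rejected_lines) so nothing is dropped silently."""
    rows, rejected = [], []
    for line in lines:
        rec = parse_line(line, year)
        if rec is None:
            rejected.append(line)
            continue
        rows.append((rec["ts"], rec["host"], rec["facility"], rec["severity"], rec["msg"], rec["raw"]))
    conn.executemany("INSERT INTO syslog (ts, host, facility, severity, msg, raw) VALUES (?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows), rejected


def events_for_host(conn, host, since_iso, until_iso):
    """Half-open time-range lookup for one host; served by the (host, ts) index."""
    return conn.execute(
        "SELECT ts, severity, msg FROM syslog WHERE host = ? AND ts >= ? AND ts < ? ORDER BY ts",
        (host, since_iso, until_iso)).fetchall()


def compress_day(conn, day_iso):
    """Gzip all raw lines whose ts starts with day_iso ('2020-10-11'); return (blob, sha256 hex)."""
    cur = conn.execute("SELECT raw FROM syslog WHERE ts LIKE ? ORDER BY id", (day_iso + "%",))
    blob = gzip.compress("".join(r[0] + "\n" for r in cur).encode("utf-8"))
    return blob, hashlib.sha256(blob).hexdigest()


def read_day(blob, expected_sha256):
    """Check the stored hash before trusting a cold-storage archive; return its raw lines."""
    if hashlib.sha256(blob).hexdigest() != expected_sha256:
        raise ValueError("archive hash mismatch")
    return gzip.decompress(blob).decode("utf-8").splitlines()


def retention_cutoff(now_iso, years=7):
    """ISO timestamp `years` before now; rows with ts below it have passed retention."""
    now = datetime.fromisoformat(now_iso)
    try:
        cutoff = now.replace(year=now.year - years)
    except ValueError:  # now is 29 Feb and the target year is not a leap year
        cutoff = now.replace(year=now.year - years, day=28)
    return cutoff.isoformat()


def expired_count(conn, now_iso, years=7):
    """Rows eligible for purge (or a move to cheaper storage) under the retention rule."""
    return conn.execute("SELECT count(*) FROM syslog WHERE ts < ?",
                        (retention_cutoff(now_iso, years),)).fetchone()[0]
```

Two design points matter for a 7-year window: timestamps are stored as UTC ISO strings so that index range scans and the retention comparison are plain string comparisons, and the raw line is kept alongside the parsed fields, since an audit wants the original record rather than whatever the parser made of it. For anything beyond a small environment, partitioning by month (one database file per month, each with its own hash manifest) keeps the per-query working set small, which is the problem the first answer points to.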