Syslog Retention and Archiving

Recently I have been tasked to improve our log monitoring and retention program within our organization.

During my research on this program, I discovered that our organization has a requirement to maintain log data using the following as a guide:

- 30 days online
- 1 year offline (archiving)

The 30-day online retention is a no-brainer. The Syslog monitor tool was simple enough to configure, although we are considering upgrading our server drive space to provide more wiggle room for the database environment.

The offline requirement is becoming a bit of a question around here.
Are there any practical best practice approaches to archiving that people are using out there?

Ideas we brainstormed and are looking at:

  • dual log shipping; ship logs to NPM for 30-day monitoring and ship logs to another server for dedicated raw archiving to a biweekly tape to be held for a year.
  • back up the NPM database weekly for retention of data for one year (many solutions to accomplish this, as long as a year of data is held)

We are still learning here, so any information, ideas, or advice is much appreciated.

Cheers!
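One way to implement the two tiers the post describes (30 days online, then one year offline), as an added example that is not code from this thread or from any SolarWinds or Kiwi product. The directory layout, file names and sample syslog line are constructed; the SHA-256 manifest is there so the tape copy can be verified with `sha256sum -c` before the online copy is trusted as gone.

```python
"""Two-tier syslog retention (constructed example): 30 days online, one year archived."""
import gzip, hashlib, os, shutil, tempfile, time
from pathlib import Path

ONLINE_DAYS, ARCHIVE_DAYS, DAY = 30, 365, 86400

def tier_for(age_days: float) -> str:
    """Classify a log by age: 'online' (<30 d), 'archive' (<1 y), or 'purge'."""
    if age_days < ONLINE_DAYS:
        return "online"
    return "archive" if age_days < ARCHIVE_DAYS else "purge"

def rotate(online_dir: Path, archive_dir: Path, now: float) -> dict:
    """Gzip logs older than ONLINE_DAYS into archive_dir, append a SHA-256 manifest
    entry (sha256sum -c format) for later tape verification, and delete anything
    past ARCHIVE_DAYS. Returns how many files landed in each tier."""
    archive_dir.mkdir(parents=True, exist_ok=True)
    counts = {"online": 0, "archive": 0, "purge": 0}
    for log in sorted(online_dir.glob("*.log")):
        st = log.stat()
        tier = tier_for((now - st.st_mtime) / DAY)
        if tier == "archive":
            target = archive_dir / (log.name + ".gz")
            with log.open("rb") as src, gzip.open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            os.utime(target, (st.st_atime, st.st_mtime))  # keep the log date for aging
            digest = hashlib.sha256(target.read_bytes()).hexdigest()
            with (archive_dir / "MANIFEST.sha256").open("a") as m:
                m.write(f"{digest}  {target.name}\n")
        if tier != "online":
            log.unlink()
        counts[tier] += 1
    for gz in list(archive_dir.glob("*.gz")):  # second pass: expire the offline tier
        if tier_for((now - gz.stat().st_mtime) / DAY) == "purge":
            gz.unlink()
            counts["purge"] += 1
    return counts

def demo() -> dict:
    """Constructed fixture: logs aged 5, 45 and 400 days, rotated now and 340 days later."""
    now, root = time.time(), Path(tempfile.mkdtemp())
    online, archive = root / "online", root / "archive"
    online.mkdir()
    for days in (5, 45, 400):
        p = online / f"syslog-{days}d.log"
        p.write_text(f"<34>Oct 11 22:14:15 host app: sample line aged {days} days\n")
        os.utime(p, (now - days * DAY, now - days * DAY))
    first = rotate(online, archive, now)
    second = rotate(online, archive, now + 340 * DAY)  # 5 d log archives, 45 d archive expires
    manifest = (archive / "MANIFEST.sha256").read_text().splitlines()
    return {"first": first, "second": second, "manifest_lines": len(manifest)}
```

Run `demo()` to see the counts; in production the archive directory is what goes to tape, and the manifest rides along with it.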

  • Just an idea to throw out that other customers have done. Not sure how you are set up, so this may not apply to you.

    Deploy our Kiwi Syslog Servers at regional sites and have the devices at that site log to that server. Kiwi can archive off on a pre-set basis automatically, and you can set it up to automatically forward all or specific messages up to Orion for online viewing.

  • This is the approach we use (but mainly for security reasons rather than archiving).

    It will work much better once Orion can strip out the origin_address from a Kiwi syslog forwarded message.

    This was listed as one of the items under development - hopefully it made the cut for the next release.

    Dave.
