Recently I have been tasked to improve our log monitoring and retention program within our organization.
During my research on this program, I discovered that our organization has a requirement to maintain log data using the following as a guide:
- 30 days online
- 1 year offline (archiving)
The 30 day retention online is a no brainer. The Syslog monitor tool was simple enough to configure although we are considering upgrading our server drive space to provide more wiggle room for the database environment.
The offline requirement is becoming a bit of a question around here.
Are there any practical best practice approaches to archiving that people are using out there?
Ideas we brainstormed and are looking at:
- dual log shipping; ship logs to NPM for 30day monitoring and ship logs to another server for dedicated raw archiving to a biweekly tape to be held for a year.
- back up the NPM database weekly for retention of data for one year (many solutions to accomplish this as long as a year of data is held)
We are still learning here, so any information, ideas, or advice is much appreciated.