I am not sure if I am in the right place, so feel free to move my question if I am in the wrong queue. I currently upgraded SolarWinds to version 2020.2.1 and added the Orion Log Viewer add-on. Our Network team is asking if the syslogs can be archived for 7 years, which is an IRS regulation. Right now they are using a dedicated Splunk server to do it and wanted to see if there is a better way with SolarWinds. Does anyone know of a process for doing this?
Kiwi and Orion are both not really designed to handle that kind of retention period except in a very small environment, but it is possible with SEM. Your situation may vary, but the cost to stand up an appropriately sized SEM instance is potentially in the same ballpark as their Splunk server, since they are both SIEM tools and compete in the same space.
As a really low-budget solution you can have Kiwi take its log files and dump them into a SQL database and do the reporting from there, but just having a giant single-table db with everything in it is probably not going to be very fast/efficient when the time comes to actually look things up. That sort of scalability and compression is what makes SIEM tools valuable.