Right now I only keep syslog messages for 7 days due to trying to keep control of performance and Orion's database size.
However, we need to keep these much longer - maybe 12 to 18 months for Compliance/Audit, but only for our network devices (Routers, switches, Pix, ASA, Sonicwall .etc)
Could I expect Orion to adjust with this type of growth and keep it's performance tight or should I go another way, like allow our Corner-Bowl-Log-Manager to take on network syslogs?
NOTE: I anticipate getting RAID1-0 for Orion later in 2011, providing better disk performance and a much larger database, even for syslog retention. Disk space will not be an issue.
But my question is, how much of our historical syslog messages can Orion's database handle without degrading?
Right now it is only 1.1GB out of NETPERFMON's 38.0 GB. So, it may end up SYSLOG tables will become the bulk of NETPERFMON.
So if syslog alone becomes 58GB is there concern making future reports, queries, etc from this size database/tables?