This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Long Term Storage of UN-Normalized Logs

rayhe over 3 years ago

I am currently running Security Event Manager, version 2020.2. I need to store five to seven years of raw logs (not normalized).

I found in the SEM 2020.2 Administrators Guide that "A separate nDepth appliance provides additional capacity to store and retrieve raw log messages. If long-term storage of original log messages is a priority, then consider a separate nDepth VM. Otherwise, a separate instance is probably unnecessary. For more information contact your SolarWinds sales representative or SolarWinds Technical Support."

However, I have been told by SolarWinds Support that the nDepth Retention Server (L4) feature was removed in the 6.7 release of SEM and is no longer supported..

Any thoughts on how to accomplish storing five to seven years of raw logs (not normalized) with Security Event Manager is greatly appreciated.

Top Replies

Jfrazier over 3 years ago +1

sounds like this would be a good extention of the Data Warehouse Idea I posted years ago. https://thwack.solarwinds.com/t5/NPM-Feature-Requests/Data-Warehouse-for-long-term-interface-statistics-reporting…

0 Jfrazier over 3 years ago

sounds like this would be a good extention of the Data Warehouse Idea I posted years ago.
https://thwack.solarwinds.com/t5/NPM-Feature-Requests/Data-Warehouse-for-long-term-interface-statistics-reporting/idc-p/596607#M16566
Cancel
Vote Up +1 Vote Down

Cancel
0 rayhe over 3 years ago in reply to Jfrazier

Just to clarify, is the data warehouse idea in your post still in the "feature request" realm or has it become a reality since you posted that over seven years ago?
It is a great post and totally what i am looking for in a number of SolarWinds products i am currently running.
Cancel
Vote Up 0 Vote Down

Cancel
0 vitezslav.papiez over 3 years ago

Hello,
L4 configuration is not needed anymore since you can resize your disk to needed size that would hold logs for needed time. Documentation is available here https://support.solarwinds.com/SuccessCenter/s/article/Resize-a-LEM-Virtual-Appliance or contact our Support team that will be very happy to help you.
Thank you
Cancel
Vote Up 0 Vote Down

Cancel
0 peter6tz over 3 years ago in reply to vitezslav.papiez
Hello.
I'm reading this post https://support.solarwinds.com/SuccessCenter/s/article/Resize-a-LEM-Virtual-Appliance?language=en_US
And it says this:
You can exceed the 2 TB limit with a fresh SEM deployment (for versions 6.4 and later only). If your upgrade path included 6.3.1 and older, please contact Customer Support for assistance.
So I understand that if I already have SEM deployed with the default 250GB, I can't exceed the 2 TB limit because I did not do it the first time I deployed, am I right?
I have a client that would like to save like a year of data and maybe 2 TB is not going to be enough.
Cancel
Vote Up 0 Vote Down

Cancel
0 vitezslav.papiez over 3 years ago in reply to peter6tz

Hello,
since 6.4 version for the new installations, we have made some changes that allowed you to resize the disk beyond the 2TB. Versions 6.3.1 and older can be extended up to 2TB. Versions 6.4 and newer can be extended beyond that limit.
If you are not sure about the extension, reach out to our support team. They will help for sure.
Cancel
Vote Up 0 Vote Down

Cancel