I am currently running Security Event Manager, version 2020.2. I need to store five to seven years of raw logs (not normalized).
I found in the SEM 2020.2 Administrators Guide that "A separate nDepth appliance provides additional capacity to store and retrieve raw log messages. If long-term storage of original log messages is a priority, then consider a separate nDepth VM. Otherwise, a separate instance is probably unnecessary. For more information contact your SolarWinds sales representative or SolarWinds Technical Support."
However, I have been told by SolarWinds Support that the nDepth Retention Server (L4) feature was removed in the 6.7 release of SEM and is no longer supported.
Any thoughts on how to accomplish storing five to seven years of raw logs (not normalized) with Security Event Manager are greatly appreciated.
L4 configuration is not needed anymore, since you can resize your disk to the size needed to hold logs for the needed time. Documentation is available here: https://support.solarwinds.com/SuccessCenter/s/article/Resize-a-LEM-Virtual-Appliance, or contact our Support team, who will be very happy to help you.
Just to clarify, is the data warehouse idea in your post still in the "feature request" realm or has it become a reality since you posted that over seven years ago?
It is a great post and totally what I am looking for in a number of SolarWinds products I am currently running.