cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

Long Term Storage of UN-Normalized Logs

I am currently running Security Event Manager, version 2020.2. I need to store five to seven years of raw logs (not normalized).

I found in the SEM 2020.2 Administrators Guide that "A separate nDepth appliance provides additional capacity to store and retrieve raw log messages. If long-term storage of original log messages is a priority, then consider a separate nDepth VM. Otherwise, a separate instance is probably unnecessary. For more information contact your SolarWinds sales representative or SolarWinds Technical Support."

However, I have been told by SolarWinds Support that the nDepth Retention Server (L4) feature was removed in the 6.7 release of SEM and is no longer supported..

Any thoughts on how to accomplish storing five to seven years of raw logs (not normalized) with Security Event Manager is greatly appreciated.

3 Replies

Hello,

 

L4 configuration is not needed anymore since you can resize your disk to needed size that would hold logs for needed time. Documentation is available here https://support.solarwinds.com/SuccessCenter/s/article/Resize-a-LEM-Virtual-Appliance or contact our Support team that will be very happy to help you. 

Thank you

0 Kudos

sounds like this would be a good extention of the Data Warehouse Idea I posted years ago.
https://thwack.solarwinds.com/t5/NPM-Feature-Requests/Data-Warehouse-for-long-term-interface-statist...

 

Just to clarify, is the data warehouse idea in your post still in the "feature request" realm or has it become a reality since you posted that over seven years ago?

It is a great post and totally what i am looking for in a number of SolarWinds products i am currently running.

0 Kudos