I am currently running Security Event Manager, version 2020.2. I need to store five to seven years of raw logs (not normalized).
I found in the SEM 2020.2 Administrators Guide that "A separate nDepth appliance provides additional capacity to store and retrieve raw log messages. If long-term storage of original log messages is a priority, then consider a separate nDepth VM. Otherwise, a separate instance is probably unnecessary. For more information contact your SolarWinds sales representative or SolarWinds Technical Support."
However, I have been told by SolarWinds Support that the nDepth Retention Server (L4) feature was removed in the 6.7 release of SEM and is no longer supported..
Any thoughts on how to accomplish storing five to seven years of raw logs (not normalized) with Security Event Manager is greatly appreciated.
L4 configuration is not needed anymore since you can resize your disk to needed size that would hold logs for needed time. Documentation is available here https://support.solarwinds.com/SuccessCenter/s/article/Resize-a-LEM-Virtual-Appliance or contact our Support team that will be very happy to help you.
I'm reading this post https://support.solarwinds.com/SuccessCenter/s/article/Resize-a-LEM-Virtual-Appliance?language=en_US
And it says this:
So I understand that if I already have SEM deployed with the default 250GB, I can't exceed the 2 TB limit because I did not do it the first time I deployed, am I right?
I have a client that would like to save like a year of data and maybe 2 TB is not going to be enough.
since 6.4 version for the new installations, we have made some changes that allowed you to resize the disk beyond the 2TB. Versions 6.3.1 and older can be extended up to 2TB. Versions 6.4 and newer can be extended beyond that limit.
If you are not sure about the extension, reach out to our support team. They will help for sure.
Just to clarify, is the data warehouse idea in your post still in the "feature request" realm or has it become a reality since you posted that over seven years ago?
It is a great post and totally what i am looking for in a number of SolarWinds products i am currently running.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.