1. It depends on which devices are sending these logs. If it's firewalla sending logs, not a big surprise. The first thing you must to do is launch the syslog viewer on the SAM server and define some rules to limit the kind of logs that end up in the database
2. SQL 2008 R2 Express with a 10 GB limit is what is packaged in the eval
3. Which data are you refering to?
4. I think you mean data retention. After the data hits the data retention setting, it will be purged out of the database
5. See suggestion #1. For production, you can switch to a full version of SQL