This topic describes the Data Retention tab for an Archiver. Administrators use this tab to define the criteria for log retention and storage.
On the Administration > Services > Config view > Data Retention tab of an Archiver, Administrators can define the criteria for log retention and storage. As an Administrator, you can configure hot, warm, and cold storage as well as multiple storage collections with different locations and criteria for retaining logs. For example, you can create a Compliance collection that stores logs for a specific time period as required by government regulations. You can create another collection that stores low value logs in hot storage with a much shorter retention period. The flexibility of these collections enables you to have significantly less overall storage requirements.
Procedures related to this tab are described in Step 3. Configure Archiver Storage and Log Retention.
This tab has the following sections:
- Total Hot Storage: Enables you to configure the total amount of Hot Tier storage available. You can select or add mount points (paths) for your Hot Tier storage locations. These mount points are attached to fast direct storage, such as Direct-Attached Capacity (DAC) storage and SAN.
- Total Warm Storage: (Optional) Enables you configure the total amount of Warm Tier storage available. You can select or add mount points for your Warm Tier storage locations. These mount points are attached to secondary storage, such as NAS.
- Total Cold Storage: (Optional) Enables you to configure the total amount of Cold Tier storage available. You can add a mount point for a Cold Tier storage location to back up your log files. This mount point is attached to offline storage, such as NAS, or temporary storage before archiving to tape. Security Analytics does not manage cold storage.
- Collections: Enables you to define individual storage collections for different log types. You can specify the maximum size of the Hot and Warm Storage space, whether to use offline storage (Cold Storage), the number of days to retain the logs in the collection, the data compression, and whether to use a hash algorithm to ensure the data integrity of the files being saved.
- Retention Rule: Enables you to define rules for each of your log storage collections. You must define at least one rule for each collection.
To access the Data Retention tab for an Archiver:
- In the Security Analytics menu, select Administration > Services.
- Select an Archiver service and > View > Config.
- In the Services Config view for the service, click the Data Retention tab.
The Data Retention tab for the Archiver is displayed.
Total Hot, Warm, and Cold Storage
The Total Hot Storage section shows the total amount of Hot storage available and the number of hot storage mount points. The Total Hot Storage section shows the total amount of Warm storage available and the number of warm storage mount points. The Total Cold Storage section shows the total amount of Cold storage and the remaining free space available in Cold storage.
Hot, Warm, and Cold Storage Mount Points Dialogs
In the Hot, Warm, and Cold Storage Mount Points dialogs, you can specify the mount points for your storage locations. You can specify portions of this storage to use for your log storage collections.
The following table describes features of the Hot, Warm, and Cold Tier Storage dialogs.
The Collections section lists all of your storage collections along with Total Storage for Hot and Warm Storage.
The following table describes the features of the Collections section. You can hide some of the columns based on your requirements.
Any errors in the collection appear in red text. A dotted underline indicates that a tooltip is available with information about the error.
Collections that have editing disabled (grayed out) also have tooltips that provide information on the problem.
The Retention Rules section lists all of the retention rules used for your storage collections listed in the order of rule execution.
The following table describes the features of the Retention Rule section.