This topic provides instructions for Administrators on how to configure log storage collections on an Archiver.
Security Analytics enables you to define individual storage collections for different log types. You can specify the maximum size of the Hot and Warm Storage space used by the collection, whether to use offline storage (Cold Storage), the number of days to retain the logs in the collection, the data compression, and whether to use a hash algorithm to be able to verify the data integrity of the files being saved. You should create collections based on your log retention storage requirements. Each collection that you create must be associated with at least one retention rule.
Before you configure your log retention storage collections, configure total hot, warm, and cold storage.
Configure a Log Storage Collection
To configure a log retention storage collection on an Archiver:
- In the Security Analytics menu, select Administration > Services.
- Select the Archiver service and > View > Config.
The Services Config view of Archiver is displayed.
- On the Data Retention tab, in the Collections section, click to add a collection.
(If you decide to make changes to an existing collection, you can select the collection and click to change the settings.)
The Collection dialog is displayed.
- Configure the collection as described in the following table.
- Click Save.
Any errors in the collection appear in red text. A dotted underline indicates that a tooltip is available with information about the error. Your collection name appears in red text until at least one retention rule is defined for your collection.
If you have a collection with editing disabled (grayed out), look at the associated tooltip for more information.
Define retention rules for your collections.