About Log Management data archiving

The new Log Management archiving feature allows you to retain your log data for as long as you would like without affecting system performance. It accomplishes this by introducing a new state referred to as "Archived". Log data now enters the Archived state after it has expired in your Elasticsearch database, whereas, prior to this feature being implemented, expired data was simply deleted from the database.

Log data is handled by Elasticsearch indexes. Two indexes, one for Syslog and one for WinEvent, are created and stored in Elasticsearch. After the expiration date configured in the WhatsUp Gold Log Management Settings is reached, or when the Elasticsearch database runs out of usable space, these indexes are copied to the archive location and removed from Elasticsearch. Archived indexes can then be manually restored to the Elasticsearch database for log data reporting, or they are automatically removed from the archive location once the archive data retention period configured in Log Management Settings has ended.

Important: It is highly recommended to use a remote location in which to archive log data and to select the ZIP option under Archive Compression in Log Management Settings to ensure there is no effect on system performance.
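The index lifecycle described above, as an added illustration (not WhatsUp Gold code): an index moves from Active to Archived when its expiration date passes or Elasticsearch runs low on space, can be restored manually while archived, and is deleted from the archive once the archive retention period ends. The class and method names are assumptions, and the model assumes a restored index starts a fresh expiration clock.

```python
"""Constructed model of the Log Management index lifecycle (Active -> Archived -> Deleted)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional

ACTIVE, ARCHIVED, DELETED = "active", "archived", "deleted"


@dataclass
class LogIndex:
    name: str                      # e.g. "syslog" or "winevent"
    created: datetime              # when the index started collecting data
    state: str = ACTIVE
    archived_at: Optional[datetime] = None


@dataclass
class ArchiveManager:
    expire_after: timedelta        # Log Management Settings: expiration in Elasticsearch
    archive_retention: timedelta   # Log Management Settings: archive data retention
    indexes: Dict[str, LogIndex] = field(default_factory=dict)

    def add(self, idx: LogIndex) -> None:
        self.indexes[idx.name] = idx

    def run_maintenance(self, now: datetime, low_space: bool = False) -> None:
        """Archive expired indexes (all active ones if Elasticsearch is out of space),
        then delete archives whose retention period has ended."""
        for idx in self.indexes.values():
            if idx.state == ACTIVE and (low_space or now - idx.created >= self.expire_after):
                idx.state, idx.archived_at = ARCHIVED, now      # copied to archive, removed from ES
            elif idx.state == ARCHIVED and now - idx.archived_at >= self.archive_retention:
                idx.state = DELETED                              # removed from archive location

    def restore(self, name: str, now: datetime) -> None:
        """Manual restore for reporting; only an archived index can be restored."""
        idx = self.indexes[name]
        if idx.state != ARCHIVED:
            raise ValueError(f"{name} is {idx.state}; only archived indexes can be restored")
        # Assumption: a restored index is treated as fresh for expiration purposes.
        idx.state, idx.archived_at, idx.created = ACTIVE, None, now

    def states(self) -> Dict[str, str]:
        return {name: idx.state for name, idx in self.indexes.items()}
```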

See Also

Log Management

About Log Management

Configure a Log Source

Log Management Settings

Creating filters

Configuring a Log Management Filter Frequency Threshold

Log Management Dashboard

Log Viewer (Full Page Report)

Using the Archived Logs interface