04-01-2010 01:48 PM
We're currently utilizing Panorama sitting on 2TB of SAN-attached disk to retain as many logs as possible. However, even with 2TB of disk, we're not able to reach our stated policy goal of retaining six months of logging data (we log an awful lot of data).
I've looked into the scheduled log export facilities available on the 4020s, but it looks like Panorama (at least version 3.0.6) doesn't have an equivalent option. We'd much prefer to back up logs from Panorama to long-term storage, rather than from the individual 4020s. However, the bigger question is how customers perform forensic work on logs that have been taken off the Panorama engine. We're debating setting up another Panorama installation, but how logs would be exported and then reimported into this engine isn't clear.
I'm interested in hearing if other organizations have encountered similar issues, and if so what creative solutions they may have developed for longer-term retention and analysis.
Thanks
04-05-2010 12:56 PM
Hello,
You may want to investigate using Sawmill or Splunk. These two solutions have been the most popular by far by most of our customers for organizing and archiving logs and generating robust reports.