Logger storage query
I am implementing a new Logger 6.4, and in the storage part I have the queries below. So please clarify.
1. How is the storage group differentiating a particular log's retention period, because in the storage group we are not giving any device or receiver details?
2. Is event archive a must?
3. Does event archive mean log backup?
>1. How is the storage group differentiating a particular log's retention period, because in the storage group we are not giving any device or receiver details?
You have to create Device Groups for your different devices that send the events to Logger.
Based on the Device Groups, you must create a Storage Rule.
If you have no Storage Rule, all logs are stored in the default Storage Group. (No separation)
The internal ArcSight events of Logger are stored in the internal Storage Group.
>2. Is event archive a must?
Yes, if your Logger crashes you must have archives to set up Logger with the old data again.
And you can extend the data you save if you use online storage and offline archive storage together.
Don't forget to save a daily config backup.
Otherwise you can't reload the archives later.
>3. Does event archive mean log backup?
Yes, all logs that the Logger gets and all internal events are backed up into the archive.
You can decide which Storage Group you want to archive.
It's all documented here: