Our security posture requires that we store Windows Event Logs (Application, System and Security) for one year. I am still relatively new to LEM, so am not sure archiveconfig will meet this requirement or not. I just want to be sure we will not be losing any logs using that method on a monthly schedule. Also, from what I have read, restoring logs from the archive "requires SolarWinds intervention." Am I reading that right?
↧