Help
FortiSIEM Discussions
khanchand
New Contributor III

Created on ‎09-11-2023 07:22 AM

FortiSIEM data retention and archieval

Hi Community Member,

 

I have a requirement of 150 days data retention policy. 30 days should be online and 120 day on archive. I am getting little bit confuse in FortiSIEM documentation.

There are two types of retention policy (archival retention policy and online retention policy), we have configured data storage (online and archive) on NFS server.

 

If I set data retention to 30 days in online retention policy, what will fortiSIEM will do after 30 days ? will it move data to archive or it will delete the data ?

 

Thanks in advance.

457
0 Kudos
1 Solution
FSM_FTNT
Staff
Staff

Created on ‎09-15-2023 06:02 AM

With this event database setup eventDB as online and eventDB as archive, once the online retention policy time had been bet, then the event is moved to the archive at the end of the day.

View solution in original post

423
1 REPLY 1
FSM_FTNT
Staff
Staff

Created on ‎09-15-2023 06:02 AM

With this event database setup eventDB as online and eventDB as archive, once the online retention policy time had been bet, then the event is moved to the archive at the end of the day.

424
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.