Skip to main content

Event Log item life-time base-line usage guidelines

On this page we shall give few example use cases and related guidelines for Event Log item life-time.

If using setting "Indefinitely", always monitor disk space and be prepared for real-life surprises.

Remember, it is always possible to select Event Log items by filtering, and then export them out for archival purposes. This, however, is not possible in all use cases.

Base-line settings for enterprise use

Life-time classBase valueRemarks
General180 daysOptionally 365 days
Long life-time3 yearsOptionally 4+ years
PermanentIndefinitelyFixed setting

Base-line settings for governmental use

External central syslog service and/or SIEM and/or Graylog is strongly recommended and in some cases mandatory.

Life-time classBase valueRemarks
General365 daysOptionally 730 days
Long life-time5 yearsOptionally 6+ years
PermanentIndefinitelyFixed setting

Base-line settings for healthcare use

External central syslog service and/or SIEM and/or Graylog is strongly recommended and in some cases mandatory.

Life-time classBase valueRemarks
General730 daysIdenfinitely is possible but enable it with caution
Long life-time15 yearsIdenfinitely is possible but enable it with caution
PermanentIndefinitelyFixed setting

Base-line settings for finance/insurance use

External central syslog service and/or SIEM and/or Graylog is in most cases mandatory.

Life-time classBase valueRemarks
General730 daysIdenfinitely is possible but enable it with caution
Long life-time10 yearsIdenfinitely is possible but enable it with caution
PermanentIndefinitelyFixed setting