You can forward incoming events to VMware Aria Operations for Logs , Splunk, or another destination. You can retain certain logs for a lesser number of days than the default retention period. If you want to retain logs for a longer period, you can archive the logs and download them to an Amazon S3 bucket.
What to read next
Forward Logs from VMware Aria Operations for Logs (SaaS) You can configure VMware Aria Operations for Logs (SaaS) to forward all or a subset of incoming log events to a syslog or HTTP endpoint. The endpoint can be a SaaS endpoint such as Splunk or an on-premise endpoint such as VMware Aria Operations for Logs . You can use log forwarding to support existing logging tools such as SIEM and to consolidate logging over different networks such as DMZ or WAN.
View Log Retention Configurations Log Retention in VMware Aria Operations for Logs (SaaS) allows you to retain certain logs for lesser number of days than the default retention period of 30 days. By retaining logs for a lesser number of days, you can remove logs with short life spans or sensitive information. The system runs log retention configurations as periodic tasks.
Configure Log Archiving You can configure VMware Aria Operations for Logs (SaaS) to archive log data if you want to retain logs older than 30 days, which is the default retention period. For example, production logs are more crucial and you can retain them for a longer period, such as a year, and you can retain test logs for a shorter period, such as six months.
Download Archived Logs You can download the archived logs from a log archival configuration in VMware Aria Operations for Logs (SaaS) to an Amazon S3 bucket of your choice.