You can forward incoming events to
vRealize Log Insight, Splunk, or another destination. You can retain certain logs for a lesser number of days than the default retention period. If you want to retain logs for a longer period, you can archive the logs and download them to an Amazon S3 bucket.
Forward Logs from vRealize Log Insight Cloud You can configure vRealize Log Insight Cloud to forward all or a subset of incoming log events to a syslog or HTTP endpoint. The endpoint can be a SaaS endpoint such as Splunk or an on-premise endpoint such as vRealize Log Insight. You can use log forwarding to support existing logging tools such as SIEM and to consolidate logging over different networks such as DMZ or WAN.
Configure Log Retention You can configure vRealize Log Insight Cloud to retain certain logs for a lesser number of days that the default retention period, which is 30 days. By retaining logs for a less number of days, you can remove logs with short life spans or sensitive information. The system runs log retention configurations as periodic tasks.
Configure Log Archiving You can configure vRealize Log Insight Cloud to archive log data if you want to retain logs older than 30 days, which is the default retention period. For example, production logs are more crucial and you can retain them for a longer period, such as a year, and you can retain test logs for a shorter period, such as six months.
Download Archived Logs You can download the archived logs from a log archival configuration in vRealize Log Insight Cloud to an Amazon S3 bucket of your choice.