Our ITDA in in place to fit some certification prerequisites (ISO27K1 etc ...)
As it is used to get all the syslogs from equipements of our datacenters, there is a huge amount of data (in Tera per month)
If would be nice to have some archive/compress purpose.
Let's say there is the standard data retention (default is 14 days but can be increased through config file).
And adding like a "Data Archive" in the administration tab that will let us chose options like "Archive and Compress data older than :" "1 month" for exemple and "Delete Data older than :" "6 month"
As for security equipment for exemple we contractually need to keep 6 month retention, and I don't specially want to map a 20TO lun to my ITDA Server.
From my point of view (and use cases), we want to use this ITDA as a Splunk server (I don't know if ITDA devs see their tools like a splunk)