The Alert Logic® command line interface (CLI) can be used to determine the log retention period for your account. This query works for customers with Alert Logic Professional or Enterprise in the Managed Detection & Response (MDR) platform, as well as for Alert Logic Cloud Defender and Log Manager® customers.
Note: Alert Logic Cloud Defender and Log Manager customers can also view their log retention period in the Alert Logic console at the Support menu () > Support.
Determine Your Retention Period
To determine your log retention period, execute:
alcli --query entitlements subscriptions get_entitlements --product_family log_data_retention --account_id accountID
alcli --query entitlements subscriptions get_entitlements --product_family log_data_retention --account_id 12345678
In this output, the “value” and “value_type” define the retention period, for example 25 months as shown above. If no value is returned, the log retention period is the default of 13 months.
Understanding Log Retention Period
Log messages will be deleted no later than the end of the log retention period, and no sooner than one month before this. For example, for a log retention period of 13 months:
- Log messages will be removed after no more than 13 months
- Log messages will be retained at least 12 months—one month before the log retention period.
The current implementation of log message expiration begins expiration on the first day of each month. Log messages due to be expired by the end of that calendar month will be removed sometime during the course of that month. The timing of that process is not specified, other than that it will occur within this time frame.