I originally installed Zenarmor using SQLite, but I wanted more than 2 days of data retention. Although my firewall is powerful enough to install Elasticsearch (quad core, 8 GB RAM), I preferred to keep Elasticsearch separate from my firewall, so I purchased a mini server to act as my Elasticsearch server (I will use it for other data logging as well now that I have it).
The install of Zenarmor went well and everything is working well as far as I can see, but when I check the database in settings I get the following warning:
'We do not advise to set a data retention interval longer than 2 days for elasticsearchRemote backend'
It is currently set to 7 days.
Question: Why would using a much more powerful external Elasticsearch server for Zenarmor give a recommendation to only retain 2 days of logs, while using Elasticsearch installed on the vastly less powerful firewall, it is happy with a 7-day retention period?
Hi,
Thanks for reporting. This is a known UI issue. You can dismiss it and set the retention period to more than 2 days.
Thank you.