SM21 logs and 9 months retention period?

Hi,

I have been asked to extend the availability of the SM21 logs to 9 months. I have estimated that each file would then be something like 500GB and we have 10 application instances. A security compliance officer here wants to look for "interesting" things in them but I am very reluctant to make the changes needed as I fear what will happen when he does a global read from all files at the same time with such huge files.

What is the SAP best practice for the SM21 logs?

How do you handle requests like this?

I would really appreciate some input on this topic.

best regards,
Kristian