I have been asked to extend the availability of the SM21 logs to 9 months. I have estimated that each file would then be something like 500GB and we have 10 application instances. A security compliance officer here wants to look for "interesting" things in them but I am very reluctant to make the changes needed as I fear what will happen when he does a global read from all files at the same time with such huge files.
What is the SAP best practice for the SM21 logs?
How do you handle requests like this?
I would really appreciate some input on this topic.