I have a customer that is logging about 2,500,000 traffic-forward logs and 2,800,000 firewall logs. Close to the end of every month, I have to purge data which I really dont want to do. Is anyone having this problem? I would like to filter the logs but I want to do it in a way that if anything does happen I will have it. Is there any documentation or best practices on this.