Client events aren't really worth anything past a month. Someone asking you to keep a year's worth is ignorant of what they are.
Thanks for your response Peter. I refered to the wrong type of event in my original message. What I should have said was Threat Event not Client Event. Everything else in the original message applies but just switch Client Event to Threat Event. Would that change your response? Thanks again.
It would be difficult to provide an accurate inforamation about the data collected by the products. In ePO you can enable/disable the events forwarded from the clients for each product which actually controls the number of events pushed to database, ePO console->Menu->Settings->Server settings->Event filtering.
Download "Hardware Sizing and Bandwidth Usage Guide" and refer section "How products and events affect calculations". Hope that helps you.
PD23282 - Seach at kc.mcafee.com
There's certainly valid reasons for keeping threat event data for a reasonable period, but - obviously - retaining more data has significant implications for the SQL side of things. You'll need not only more disk to actually store the data, but you'll also need to pay more attention to database maintenance as the indexes on the tables related to the threat events will become proportionately larger. It's definitely not a simple case of "the database will get twelve times larger."
Ultimately it's down to your environment, but if you have the SQL resources to handle the additional load, then it's probably data worth having.