Hi,
Not sure if someone mentioned that the maximum log retention in SEPM is 90 days. If you need more, you have to consider the external logging features and handle the retention in your external logging server.
However, rather than posting steps that can be found in the manuals, I'd like you to think again about your needs. I'm not sure you have considered the impact of storing 12 months of logs (or just the max 3 months in the SEPM):
- you will need more disk space for that
- performance of activities related to logs (dashboards, reports, notifications, etc.) will go down, especially if we are talking about thousands of clients; if you don't have proper hardware for that, there's a risk that you will wait minutes just to see the current status of your systems
- in IT (and even more in IT security), 12 months is a lot. Are you 100% sure that an event that happened one year ago is still useful? If yes, why? Depending on what you have in mind, are you sure that this 1-year audit can't be the sum of monthly audits rather than creating it from the raw data?