Comparison of SAL Remote Event Storage and Monitoring Options

SAL integration shows similar options for storing event data externally to a management center and CDO:


	SAL (OnPrem)	SAL (SaaS)
Why choose this solution?	You want to increase your on-premises firewall event data storage capacity, retain this data for a longer period, and export your event data to the Secure Network Analytics appliance.	You want to send firewall events for storage and optionally make your firewall event data available for security analytics using Secure Cloud Analytics.
Licensing	Purchase license and set-up the storage system behind your firewall. For more information, see Licensing for SAL (OnPrem)	Purchase license and a data storage plan and send your data to the Cisco cloud. For more information, see Licensing for SAL (SaaS)
Supported event types	Connection File and Malware Intrusion LINA Security Intelligence	Connection File and Malware Intrusion Security Intelligence
Supported methods to send events	Supports both, syslog and direct integration.	Supports both, syslog and direct integration.
Event viewing	View events on the Secure Network Analytics Manager. Cross-launch from the management center event viewer to view events on the Secure Network Analytics Manager. View remotely stored connection and security intelligence events in the management center.	View events in CDO or Secure Network Analytics Manager, depending on your license. Cross-launch from the management center event viewer.