In a FortiSASE environment, log management is governed by a cloud-native storage policy that prioritizes performance and resource availability.
Retention Policy Framework: All FortiSASE instances come with log retention enabled by default. The standard log retention period is 30 days, though administrators can customize this policy to any duration between 2 and 30 days. This policy applies across all log types, including traffic, security, and event logs.
Automatic Deletion (A): When logs exceed the configured retention threshold, FortiSASE automatically deletes the older logs from the platform. This automatic purging is necessary to free up storage space on the cloud infrastructure and maintain compliance with the organization's data lifecycle settings.
Persistence and Recovery: Once logs are deleted due to the expiration of the retention period, they are generally unrecoverable from the FortiSASE platform.
Long-Term Storage Solutions: Because FortiSASE is not designed as a long-term archival solution, customers who need to store logs for months or years for regulatory compliance should configure log forwarding to an external server, such as a FortiAnalyzer or a remote Syslog server.
Analysis of Incorrect Options:
* Options B and D: While traditional FortiAnalyzer deployments use SQL indexing and separate "Archive" (raw/compressed) vs. "Analytics" (SQL) tiers, FortiSASE uses a simplified cloud storage model where data is purged rather than archived or tier-shifted upon expiry.
* Option C: While FortiSASE is part of the FortiCloud ecosystem, it does not automatically "back up" expired logs to another FortiCloud service; the deletion is final unless external forwarding is active.