...
The detailed SSH logs, which record most command line input and output as well as file transfers, are generally rotated out of use and discarded after approximately 4 weeks unless suspected activites have occurred. These logs provide much of the input for the host-based intrusion detection system. For specific security incidents, relevant portions of these logs may be saved into our incident response tracking system or other areas. Higher-level logs (e.g., network flows, IDS alerts, authentication logs, process accounting, and general system logs) may be held for longer periods of time.
...