Log Files

Do you have a recommended method for archiving/maintaining the log file?

That's entirely up to you -- One recommendation is to rotate the log once per day and delete the log after 10 days. This goes along with a 10 day quarantine -- That is to say, if you keep a quarantine then you probably want to keep the log as long as you keep the messages.

Logs do get quite large so daily rotation is usually best. You can also customize your logs based on how you use them.

If you need your logs to resolve false positives then you can set the no-dupe option to reduce the length somewhat while retaining at least one entry for each matching rule.

If you do not need your logs for resolving false positives then you can use single-line mode to create only one log line per message.