Log rotation manages log file size.
Log retention defines how long logs are kept: PCI DSS (1 year), HIPAA (6 years), SOX (7 years).
Hot (recent, fast, expensive) → warm (months, slower) → cold (archival, cheapest) storage tiers manage retention costs. Incident investigations often need logs from 30-90 days ago. Minimum 1-year retention is a safe default for most organizations.