MARS stores system messages such as syslogs and SNMP traps generated by reporting devices in its databases. This action occurs even if the event doesn't match a rule condition.
When writing data to its databases MARS uses a First-in First-out (FIFO) approach.
When the storage limit is reached in a particular model of MARS, it wipes out the oldest day of event data. This data is lost if you are not doing archiving.
Hope this helps.