As far as requirements, the LEM can parse and bring in data from IIS logs. We have a stock report in the Reports console "Network Traffic Audit - Web Traffic by Source Machine" that can be customized with whatever end-user IP and show all accessed URLs for a time-span, so I think we can meet both requirements that you have.
As for questions:
Q: Can I retain logs for X number of years?
A: Yes. You set retention by balancing traffic against the size of the disk. In Hyper-V 2012 and VMWare 5.5, the maximum disk size is 64TB, and the LEM can use a disk that size to retain data if required, though many customers are satisfied with the default 250GB disk size. You can also setup tasks to roll data to a cold-store on another server instead of keeping it all in the actively-searchable database if that is preferred.
Q: What is the HA of this product?
A: The LEM is a virtual appliance, so we rely on your VM infrastructure to provide HA in the event of a system failure/disaster recovery.
Q: Does it use SQL Database?
A: No, the LEM virtual appliance runs a proprietary database internally. This architecture was chosen to address the auditing/compliance concern of companies potentially tampering with or altering the data they show auditors. By setting up the database and running it internally, the end-user isn't granted rights or permissions to alter the database. This allows auditors to trust reports and output from the LEM.
Q: Can it be used to collect Network Device syslog messages?
A: Yes. The list of supported products is constantly growing, but some segment of it can be found on the Solarwinds Website. (CTRL + F for "Data Sources")