Forum Discussion
ASM Event log with local storage
You can modify the DB log-rotate value from the default of 8 days to 30, this should also cover for /var/log/asm and ASM logs in GUI. Note that there are no guarantees you will always have the backlog for 30 days. If you run out of disk space in /var/log folder, the actual number of days for which you will have the logs will be less.
Increasing log-age value
tmsh modify sys db logrotate.logage value 30
tmsh save sys config
If you would like to increase the disk space for /var/log folder, you can also do it from TMSH; that procedure (Extending disk space for increased logging) is documented in this article: https://support.f5.com/kb/en-us/solutions/public/14000/900/sol14952.htmlproc3
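The disk-space caveat above can be checked before raising logrotate.logage. The following is an added example, not part of the original post or of F5's tooling: it estimates how many more days of rotated logs fit in the free space of a log directory. The function names are hypothetical, and it assumes each rotated file (for example asm.1, asm.2) holds roughly one day of logs.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes daily rotation, so each rotated
# file <dir>/<prefix>.* is about one day of logs. Function names are hypothetical.

# Average size in bytes of the rotated files <dir>/<prefix>.* (0 if none exist).
avg_rotated_bytes() {
    local dir="$1" prefix="$2" total=0 count=0 f size
    for f in "$dir/$prefix".*; do
        [ -f "$f" ] || continue          # skips the unexpanded glob when nothing matches
        size=$(wc -c < "$f")
        total=$((total + size))
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] && echo $((total / count)) || echo 0
}

# Whole days of logs that fit in <free_bytes> at <daily_bytes> per day.
# Prints -1 when there is no daily figure to estimate from.
days_that_fit() {
    local free_bytes="$1" daily_bytes="$2"
    [ "$daily_bytes" -gt 0 ] || { echo -1; return; }
    echo $((free_bytes / daily_bytes))
}

# Report whether <target_days> of <prefix> logs fit in the free space under <dir>.
# Conservative: ignores the space already held by existing rotated files.
check_logage_headroom() {
    local dir="$1" prefix="$2" target="$3" daily free_kb days
    daily=$(avg_rotated_bytes "$dir" "$prefix")
    free_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    days=$(days_that_fit $((free_kb * 1024)) "$daily")
    if [ "$days" -lt 0 ]; then
        echo "no rotated $prefix files in $dir yet; cannot estimate"
    elif [ "$days" -ge "$target" ]; then
        echo "OK: room for about $days more days (target $target)"
    else
        echo "SHORT: room for about $days more days (target $target)"
    fi
}

# Example call: check_logage_headroom /var/log asm 30
```

A SHORT result means the configured log age will not be reached before the volume fills, which is the case where extending /var/log is worth doing first.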
- LoanBMT (Oct 05, 2015, Nimbostratus): Thank you Hannes Rapp! But in TMOS 11.6, /var/log/asm doesn't store Event Application Logs (such as "illegal requests"), and as far as I know, Event Application Logs are stored in the ASM data DB, which is limited by number of rows or entry length. But I don't really know the way to increase them. Please refer to: https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16053.html and https://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnote-asm-11-6-0.html
- Hannes_Rapp_162 (Oct 06, 2015, Nacreous): Hello, sorry for the late reply. The link you gave me also includes a solution which is reverting to pre-11.6 behaviour. However, due to performance issues, it seems like F5 is looking to more aggressively push their clients towards a Remote ASM Logging solution. It does make sense and we've already ditched Local ASM Logging a while ago; the only issue is that Remote Logging does not enable you to log POST parameters as was possible with Local Logging (ASM internal DB). Quoting from the link you gave me: "Beginning in BIG-IP ASM 11.6.0, enhancements were introduced to improve system performance and stability. As a result, the system no longer writes security events to syslog by default and it does not log them locally to the /var/log/asm file. You may enable the send_content_events internal parameter to replicate the old behavior. However, F5 recommends leaving it disabled due to a potential decrease in performance." Would it suffice if you enable "send_content_events", as recommended in this article, or is it not an option? I'm afraid there are no good alternatives for ASM Local Logging from 11.6 onwards. At least you would have the logs for a greater number of days in /var/log/asm.x files.
- LoanBMT (Nov 13, 2015, Nimbostratus): Thank you Hannes Rapp! Sorry for the late reply. I think, as recommended, and with my auditing plan, it's better that I should not enable "send_content_events". I'm looking for a solution with the new behavior to extend ASM local storage, before I implement the remote logging plan. Thank you again. Loan.