Forum Discussion
ASM fine-tuning using logs in syslog/siem
a) Any way we can increase the box disk space?
You can increase the disk space on the LTM (for VE and vCMP guests, not hardware LTMs), but we do not recommend it. It will also not increase the storage for the ASM event logs - these are database table limitations that should not be modified, as they will negatively impact the device performance.
What you can do is investigate BIG-IQ Security and the BIG-IQ logging nodes - these form a distributed database system for ASM/AFM event logging, and provide reporting and search facilities.
b) If we use a SIEM/syslog server to point these logs to, how difficult is it to search back per rule/policy and fine-tune it back?
I can't really answer that, because I don't know your SIEM. However, the text logs take a bit more interpreting, so it will be more work. Once you get used to the log format, it will get easier, I guess.
As we are aware, the built-in case/security log is quite good, as it has a learn feature along with signature references.
Learning/Policy building aggregates events, so that even if the specific violation is missing from the Event log, there should be related events that illustrate the violation and allow informed configuration changes.
I hope this helps.
