Forum Discussion
THE_BLUE
Cirrostratus
CirrostratusASM logs
Is there any way to save ASM logs for long time? if yes, then for how long the logs is saved?
i have an issue with my remote logging so as workaround is there any way to save all ASM logs in local folder ? or is there any script that might help me ?
Hi THE_BLUE ,
It has a limit and this couldn't be changed , if you reach to that limit a clean process will delete the older logs , this is the limits ( 5 GB for Physical appliances / 2 GB for VEs ) which nearly equal = 3 millions records can be saved.
Have a look on this articles :
- https://my.f5.com/manage/s/article/K000132357
- https://my.f5.com/manage/s/article/K01121054
My recommendation is to avoid recording all requests , and do that for illegal only to maintain your log storage.
by the way Bigip is not a Log storage and this should be done by remote SIEM solution.Actually for a virtual edition the disk size can be increased but better check for support before that and as Mohamed_Ahmed_Kansoh mentioned SIEM or BIG-IQ is the best option.
Hi THE_BLUE ,
It has a limit and this couldn't be changed , if you reach to that limit a clean process will delete the older logs , this is the limits ( 5 GB for Physical appliances / 2 GB for VEs ) which nearly equal = 3 millions records can be saved.
Have a look on this articles :
- https://my.f5.com/manage/s/article/K000132357
- https://my.f5.com/manage/s/article/K01121054
My recommendation is to avoid recording all requests , and do that for illegal only to maintain your log storage.
by the way Bigip is not a Log storage and this should be done by remote SIEM solution.
JorgeHermannNimbostratus
Thank you sir for the article links.
- Nikoolayy1
MVP
Actually for a virtual edition the disk size can be increased but better check for support before that and as Mohamed_Ahmed_Kansoh mentioned SIEM or BIG-IQ is the best option.
THE_BLUEDoes BIGIP support WAZUH siem ? it's an open source
- Nikoolayy1
You can just check it in the article the supported format https://my.f5.com/manage/s/article/K37655278 and see if wazuh has such format or normal syslog that is for not formated destination.
- JorgeHermann
Thanks for answering, I appreciate it.