Forum Discussion

Lukasz_01_15307's avatar
Lukasz_01_15307
Icon for Nimbostratus rankNimbostratus
Jan 26, 2016

ASM syslogs vs blocked request logs?

Hello!   We recently deployed ASM into the blocking mode. From time to time we still get support IDs from our users when ASM blocks a legitimate request. We usually deal with it by just going to A...
application delivery
ASM Advanced WAF
BIG-IP
  • BinaryCanary_19's avatar
    BinaryCanary_19
    Jan 27, 2016

    send_content_events is only concerning logging to 

    /var/log/asm
    on the device.

    ASM event logs in the GUI should continue to work as configured in the logging profile if you have specified.

    ASM local event log files are cycled after 3,000,000 records, or 2GB of disk usage, so this could explain why you don't see some support IDs in the database, particularly if a long time has passed since the support ID was generated.

    For this reason, it is often advisable to use a remote logging server to store logs more extensively (it also helps to reduce load on the ASM).

BinaryCanary_19's avatar
BinaryCanary_19
Historic F5 Account
Jan 27, 2016

send_content_events is only concerning logging to 

/var/log/asm
on the device.

ASM event logs in the GUI should continue to work as configured in the logging profile if you have specified.

ASM local event log files are cycled after 3,000,000 records, or 2GB of disk usage, so this could explain why you don't see some support IDs in the database, particularly if a long time has passed since the support ID was generated.

For this reason, it is often advisable to use a remote logging server to store logs more extensively (it also helps to reduce load on the ASM).