BIGIP only stacks about 5000 ASM logs.

Question

This is the r4600 equipment.I found that the logs only stack 2GB because r series uses tenant, virtual machine.Even if it's 2GB, it's too little to stack up to only about 5000 logs. Even these 5000 are for just one day.Whenever I open a case regarding logs, F5 says that BIGIP is not log stacking equipment, so have a separate logging server.So I don't know how to solve this problem.Is the data in Traffic Learning related to the logging disk?If you have experienced the same as me, please advise.Thank you.

daniel_wolf · Answer

Hi thekoreanguy​,
the ASM db is limited to 2 GB and also to 3 millions records, whatever limit you reach first. Check what events you are logging. Maybe you are logging all requests instead of violations only.The local logs are meant to identify and easily correlate events going on "right now" or in the past couple of hours. Any historical log info should be saved in and retrieved from a SIEM like Splunk or ELK Stack. And I agree with F5 - your BIG-IP is not a SIEM.
KRDaniel

Forum Discussion

BIGIP only stacks about 5000 ASM logs.

1 Reply

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

Remember your first stack?

iRule based RADIUS Client Stack

iRule based RADIUS Server Stack

Re: BigIP Report

App Stack, the "iRule" of F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS