Forum Discussion
THE_BLUE
Cirrostratus
CirrostratusDelete ASM policy push message from /var
I noticed that /var partion is full because of ASM , so does f5 save the push message after aplaying policy ? can i delete the unessassary files? i saw the following link, does this will affect the...
Hi Again,
As the article says, it is a bug detected in the system, and the workaround is to create a cron job to delete the files generated by ASM in two cases:
1. When you select the Apply Policy button in a security policy repeatedly and frequently
2. When you enable automatic policy building for one or more policies with several frequent changes.
The BIG-IP ASM system creates files in the /var/ts/var/cluster/send directory, which is cleaned up at regular intervals.it is possible to fill the disk partition before this cleanup occurs. And this is the reason why you need to create a Crontab Job.
These files that the article recommends you delete, don´t affect your policy, by default this information is deleted automatically by the system, but you ASM are generating these files more quickly than the system deletes it.
If you have your policy in atuomatic learning, you must modify this parameter when release the policy in a production environment, Aitomatic learning without human validation can dissabled security control over the policy in a masive atack from differents source.
THE_BLUEHi,
many thanks for your input.
accordding to below link :
https://support.f5.com/csp/article/K15125052
policy history is saved under this path /var/ts/dms/policy/policy_versions, i have deleted them and there was no affect in my policy. But still there is sth which i can't define it which cause the /var go full for 100% then by itself can decrease to 95% for example.