For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

draco_184361's avatar
draco_184361
Icon for Nimbostratus rankNimbostratus
Oct 29, 2017

Hi Regarding logging to arcsight . how do i extend the storage of asm logs for more than 1 day.

We are already logging to remote log server arcsight but we see only for one day in the arcsight ? how do i extend that ?  
application delivery
ASM Advanced WAF
BIG-IP
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Nov 01, 2017

Clearly the problem is in your ArcSight and not in F5. If you are seeing logs in ArcSight the log data has already left the F5 and is stored on ArcSight. If you can't see more than one day's worth of logs in ArcSight you either have a data retention period set to 1 day in ArcSight (which is really bad) or using a filter in ArcSight to show you only the last 24 hours of logs (which is more likely).