Forum Discussion
neeeewbie
MVP
MVPhow long days f5 can store asm policy audit logs ?
hi guys
how long days f5 can store asm policy audit logs ?
I found asm can stored 3M logs
but I can't find any documents relate to asm policy audti log
please let me know if you have some documents !
thank you
Hello neeeewbie.
"By default, the local log storage is finite with a maximum capacity of 3 million records stored across all BIG-IP ASM security policies and a maximum database table size of 2 GB on virtual systems and 5 GB on physical systems."
https://support.f5.com/csp/article/K37655278
I bet audit logs are included in this sizing.
neeeewbiethank you for your warm attention
I mean this audit log located at Security ›› Application Security : Audit : Log
do you know about that ?
Hello neeewbie.
As I mentioned, I bet audit logs are included in this sizing 😊
AlexBCTCumulonimbus
Hi Neeeewbie,
The ASM audit logs are indeed stored in /var/log, rather than in the database. (When you view the Audit log within ASM, it filters specific messages from /var/log/asm). As such, you're limited to however much space you've got on the /var/log partition and what the retention policy for the /var/log files are. I believe they are kept for 24 days by default (just checked, on my system I indeed have 24 files) but depends on the disk space as well as some other things. See here for more details:
https://support.f5.com/csp/article/K13367
Hope this helps.