Forum Discussion

Preet_pk's avatar
Preet_pk
Icon for Cirrus rankCirrus
Aug 31, 2021

Investigation/identification of WAF Parameter violations from archived F5 ASM security logs

Hi,   In our environment, F ASM logs older than 2hrs are getting cleared out. Some ASM support-ID event logs are also not getting saved/captured locally.   Kindly let me know how to figure o...
application delivery
ASM Advanced WAF
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Sep 01, 2021

Hi Preet.pkm

 

Using Guarantee Logging will not help. When you store the logs locally, the logging utility may compete for system resources (this might be the case when you are under attack). Guarantee Logging setting ensures that the system logs the requests in this situation but may result in a performance reduction in high-volume traffic applications. However Guarantee Logging will not extend the time logs are stored locally.

 

Second, I would recommend enable remote logging. With two hours of local logs, you will not go anyway for.

Local logging is for analyzing what is going on right now. For forensics I recommend remote logging.

Analyzing archived logs will not make you happy on the long run.

 

KR

Daniel