logging issues ASM 13.1.1.4

"when a new policy is created no request is logged but the learning process is running which means that the builder policy learn from the traffic but it doesn't display any request at the event log."

• Did you apply a logging profile to the virtual server that has this new ASM policy? Are you filtering for legal and illegal requests? (remove the illegal log filter)

"another issue is faced with the logging profile, when a change is made with an existed VS it will not be taken under consideration, for example when a logging profile set disabled for a VS, it still log the requests sent to that VS."

• How are you disabling the logging profile? Removing ti from the virtual server? Are you saying that after removing the logging profile from a virtual server you are still seeing new ASM logs for that policy for that specific virtual server?

"ASM subsystem error (asm_start,F5::NwdUtils::Nwd::log_failure): Watchdog detected failure for process. Process name: pabnagd, Failure: Insufficient number of threads (required: 2, found: 0).  "

• K15416: Overview of the BIG-IP ASM watchdog process (11.x - 13.x) - According to this article the Watchdog daemon monitors other ASM daemons for failure so this log is expected in some context but does mean that pabnagd is facing some issue.
• K14020: BIG-IP ASM daemons (11.x - 15.x) - The pabnagd process is responsible for automated policy building operations.
• Bugtracker does list a bug with that error on your software version, Bug ID 767941: Gracefully handle policy builder errors, there are few details so you would likely need a case with F5 support to get more details.

Best,

Andrew