Forum Discussion
Removing size limit on ASM logs
Hi,
While setting up remote logging for ASM Audit actions on our F5 BIG-IP, I noticed that some logs are truncated.
I tried increasing the request_buffer_size and max_raw_request_len from system variables, but that didn't make any difference.
We are running F5 BIG-IP 14.1.5.6
Using the default Remote Logging
Is there a restriction on the default logging profile which restricts log size even if we change the above-mentioned system variables?
If so, how can we resolve this?
Hi Utkc137,
By default, the BIG-IP ASM security policy implements a size limitation on HTTP requests. The BIG-IP ASM system drops HTTP requests that are larger than the configured request buffer size and logs the request as a violation on the Security > Event Logs > Application > Requests page in the Configuration utility. The default request buffer size is 10 megabytes. This size is configurable and the maximum value is 30 megabytes for BIG-IP ASM 11.x and later.
You can increase the value of the long_request_buffer_size internal parameter to a maximum of 30 megabytes by performing the following procedure:
- Go to Security > Options > Application Security > Advanced Configuration > System Variables.
- For Search By Parameter Name, enter long_request_buffer_size and select Go.
The long_request_buffer_size parameter displays.
- Select long_request_buffer_size.
- For Parameter Value, enter the maximum length in bytes that you want the BIG-IP ASM security policy to accept.
Additionally, changing the long_request_buffer_size parameter value requires that you restart the BIG-IP ASM service, resulting in a brief traffic disruption.
Note: The Auto-Accept and Policy Builder utilities do not support increasing the BIG-IP ASM request buffer size.
Note: You must perform a 'tmsh restart sys service asm' for this change to take effect! If you are using a device group, you must perform 'tmsh restart sys service asm' on all members of the device group for this change to take effect!
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/mmon)(tmos)# restart sys service asm
https://my.f5.com/manage/s/article/K01235989
https://my.f5.com/manage/s/article/K7935
https://my.f5.com/manage/s/article/K13367
Hope this helps
- Utkc137Nimbostratus
This did not work.
Just for clarification, the logs we are referring to are Application Audit Logs, i.e. capturing changes made on the F5 application. For example, changing the "Character Set" value from: Security > Application Security > Parameters > Character Sets > Parameter Value.