Forum Discussion

Utkc137
Dec 08, 2023

Removing size limit on ASM logs

Hi,

While setting up remote logging for ASM Audit actions on our F5 BIG-IP, I noticed that some logs are truncated.

I tried increasing the request_buffer_size and max_raw_request_len from system variables, but that didn't make any difference.

We are running F5 BIG-IP 14.1.5.6 
Using the default Remote Logging

Is there a restriction on the default logging profile which restricts log size even if we change the above-mentioned system variables?

If so, how can we resolve this?

  • Hi Utkc137,

    By default, the BIG-IP ASM security policy implements a size limitation on HTTP requests. The BIG-IP ASM system drops HTTP requests that are larger than the configured request buffer size and logs the request as a violation on the Security > Event Logs > Application > Requests page in the Configuration utility. The default request buffer size is 10 megabytes. This size is configurable and the maximum value is 30 megabytes for BIG-IP ASM 11.x and later.

    1. Go to Security > Options > Application Security > Advanced Configuration > System Variables
    2. For Search By Parameter Name, enter long_request_buffer_size and select Go.

      The long_request_buffer_size parameter displays.

    3. Select long_request_buffer_size.
    4. For Parameter Value, enter the maximum length in bytes that you want the BIG-IP ASM security policy to accept

      You can increase the value of the long_request_buffer_size internal parameter to a maximum of 30 megabytes, by performing the following procedure.

      Additionally, changing the long_request_buffer_size parameter value requires that you restart the BIG-IP ASM service, resulting in a brief traffic disruption.

      Note: The Auto-Accept and Policy Builder utilities do not support increasing the BIG-IP ASM request buffer size.

       Note: You must perform a 'tmsh restart sys service asm' for this change to take effect! If you are using a device group you must perform 'tmsh restart sys service asm' on all members of the device group for this change to take effect!

      root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/mmon)(tmos)# restart sys service asm

      https://my.f5.com/manage/s/article/K01235989

      https://my.f5.com/manage/s/article/K7935

      https://my.f5.com/manage/s/article/K13367

       

      Hope this helps


    • Utkc137

      This did not work. 
      Just for clarification, the logs we are referring to are Application Audit Logs, i.e. capturing changes made on the F5 application. For example, changing the "Character Set" value from: Security > Application Security > Parameters > Character Sets > Parameter Value.
