Forum Discussion

muntae_kim's avatar
muntae_kim
Icon for Cirrus rankCirrus
Feb 16, 2024
Solved

Request for review of appropriateness of commands related to F5 log retention period setting

hello. My name is Muntae Kim. Due to the EoTS of the BIG-IP SW used by our client, we are inevitably unable to open the case and would like to ask for your assistance. 1. Customer information:   -...
security
  • whisperer's avatar
    whisperer
    Feb 16, 2024

    I would be cognizant that you will be changing settings away from default values. This is usually not done unless there is a good use case. In your case, more logs means eating more space on /var/log. If you run out of space, TMM traffic may stop.

    Logs should be offloaded from the F5 for retention. Syslog or HSL to something like Splunk. Logging on the F5 is meant to be either temporary or ephemeral to support troubleshooting, NOT audit requirements.

    Finally, audit may be more unhappy with one running BIG-IP software out of support and full of CVEs! I would upgrade to either BIG-IP v15.x or 17.x.

whisperer's avatar
whisperer
Icon for MVP rankMVP

I would be cognizant that you will be changing settings away from default values. This is usually not done unless there is a good use case. In your case, more logs means eating more space on /var/log. If you run out of space, TMM traffic may stop.

Logs should be offloaded from the F5 for retention. Syslog or HSL to something like Splunk. Logging on the F5 is meant to be either temporary or ephemeral to support troubleshooting, NOT audit requirements.

Finally, audit may be more unhappy with one running BIG-IP software out of support and full of CVEs! I would upgrade to either BIG-IP v15.x or 17.x.

whisperer's avatar
whisperer
Icon for MVP rankMVP
Feb 16, 2024

The commands and steps you are using are from the following Knowledgebase: https://my.f5.com/manage/s/article/K13367. Since this is valid for up to version v17 as per F5 support, I don’t see why there wouldn’t be an issue :)