Forum Discussion
muntae_kim
Cirrus
CirrusRequest for review of appropriateness of commands related to F5 log retention period setting
hello. My name is Muntae Kim. Due to the EoTS of the BIG-IP SW used by our client, we are inevitably unable to open the case and would like to ask for your assistance. 1. Customer information: -...
I would be cognizant that you will be changing settings away from default values. This is usually not done unless there is a good use case. In your case, more logs means eating more space on /var/log. If you run out of space, TMM traffic may stop.
Logs should be offloaded from the F5 for retention. Syslog or HSL to something like Splunk. Logging on the F5 is meant to be either temporary or ephemeral to support troubleshooting, NOT audit requirements.
Finally, audit may be more unhappy with one running BIG-IP software out of support and full of CVEs! I would upgrade to either BIG-IP v15.x or 17.x.
whisperer
MVP
MVPI would be cognizant that you will be changing settings away from default values. This is usually not done unless there is a good use case. In your case, more logs means eating more space on /var/log. If you run out of space, TMM traffic may stop.
Logs should be offloaded from the F5 for retention. Syslog or HSL to something like Splunk. Logging on the F5 is meant to be either temporary or ephemeral to support troubleshooting, NOT audit requirements.
Finally, audit may be more unhappy with one running BIG-IP software out of support and full of CVEs! I would upgrade to either BIG-IP v15.x or 17.x.
whispererMVP
MVPThe commands and steps you are using are from the following Knowledgebase: https://my.f5.com/manage/s/article/K13367. Since this is valid for up to version v17 as per F5 support, I don’t see why there wouldn’t be an issue :)