Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

ASM logs

THE_BLUE
Cirrostratus
Cirrostratus

Is there any way to save ASM logs for long time? if yes, then for how long the logs is saved?

i have an issue with my remote logging so as workaround is there any way to save all ASM logs in local folder ? or is there any script that might help me ?

2 ACCEPTED SOLUTIONS

Hi @THE_BLUE , 

It has a limit and this couldn't be changed , if you reach to that limit a clean process will delete the older logs , this is the limits ( 5 GB for Physical appliances / 2 GB for VEs ) which nearly equal = 3 millions records can be saved. 

Have a look on this articles : 
https://my.f5.com/manage/s/article/K000132357
https://my.f5.com/manage/s/article/K01121054

My recommendation is to avoid recording all requests , and do that for illegal only to maintain your log storage. 

by the way Bigip is not a Log storage and this should be done by remote SIEM solution. 

_______________________
Regards
Mohamed Kansoh

View solution in original post

Actually for a virtual edition the disk size can be increased but better check for support before that and as @Mohamed_Ahmed_Kansoh  mentioned SIEM or BIG-IQ is the best option.

 

Extending disk space on BIG-IP VE (f5.com)

View solution in original post

6 REPLIES 6

Hi @THE_BLUE , 

It has a limit and this couldn't be changed , if you reach to that limit a clean process will delete the older logs , this is the limits ( 5 GB for Physical appliances / 2 GB for VEs ) which nearly equal = 3 millions records can be saved. 

Have a look on this articles : 
https://my.f5.com/manage/s/article/K000132357
https://my.f5.com/manage/s/article/K01121054

My recommendation is to avoid recording all requests , and do that for illegal only to maintain your log storage. 

by the way Bigip is not a Log storage and this should be done by remote SIEM solution. 

_______________________
Regards
Mohamed Kansoh

Thank you sir for the article links.

sd

Actually for a virtual edition the disk size can be increased but better check for support before that and as @Mohamed_Ahmed_Kansoh  mentioned SIEM or BIG-IQ is the best option.

 

Extending disk space on BIG-IP VE (f5.com)

THE_BLUE
Cirrostratus
Cirrostratus

Does BIGIP support WAZUH siem ? it's an open source 

You can just check it in the article the supported format  https://my.f5.com/manage/s/article/K37655278 and see if wazuh has such format or normal syslog that is for not formated destination.

JorgeHermann
Nimbostratus
Nimbostratus

Thanks for answering, I appreciate it.

sd