Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

F5 ASM Report retention period

Priyesh_MP
Nimbostratus
Nimbostratus

‎16-Jan-2020 03:44

Dear Team,

 

Good day!

 

May I know where will ASM store all the reports related data? How many days reports ASM will store locally?

 

Thank you.

 

Best Regards,

Priyesh MP

Labels:
0 Kudos
7 REPLIES 7

Nathan_F__F5_
F5 Employee
F5 Employee

‎16-Jan-2020 17:42

Hi Priyesh,

 

I assume that you are referring to the ASM event logs which display things like illegal requests that were blocked. If that is correct then I believe I can answer your question. Those event logs are stored in a mysql database. That database is limited to 3 million records or 2 GB in size (whichever comes first). There is then an automatic cleaner that will remove the older records to make room for newer records when the limits of the database are being reached.

 

So to answer your question, there is no specific set number of days that it will store that data. It just depends on the size and number of requests that are being logged and how fast they are filling up the database. If you are finding that some of your event logs are being removed too quickly then my recommendation would be to use a remote logging profile to log the events to a remote server.

 

I hope that this helps answer your question.

 

-Nathan F

0 Kudos

Priyesh_MP
Nimbostratus
Nimbostratus
In response to Nathan_F__F5_

‎21-Jan-2020 00:59

Dear Nathan,

 

Thank you for your reply.

 

My query is more specific to the reports which come under Main > Security > Reporting > Application > Charts.

 

Wanted to know the below:

 

  1. Where are these report related data stored on F5 ASM? Would be great if you could specify the exact path.
  2. How long F5 ASM will store this reports? Is there any size limit for reports as well same like event logs 3 million records or 2 GB size?

 

Thank you.

 

Best Regards,

Priyesh MP

0 Kudos

Ivan_Chernenkii
F5 Employee
F5 Employee

‎17-Jan-2020 10:49

If you are talking about "Security ›› Reporting : Application : Charts", then we don't have any limits for it (almost forever)

0 Kudos

Priyesh_MP
Nimbostratus
Nimbostratus
In response to Ivan_Chernenkii

‎21-Jan-2020 01:11

Dear Ivan,

 

Good day to you! Thank you for your reply.

 

Unfortunately we are unable to see any reports before 22 December 2019. F5 ASM device shows reports from 22 December 2019 to till date only. Hence customer wants to know below:

 

  1. Where are these report related data stored on F5 ASM? Would be great if you could specify the exact path.
  2. How long F5 ASM will store this reports on the device? Is there any size limit for reports as well same like event logs 3 million records or 2 GB size?

 

Thank you.

 

Best Regards,

Priyesh MP

0 Kudos

Ivan_Chernenkii
F5 Employee
F5 Employee

‎21-Jan-2020 10:29

Hello Priesh,

 

  1. For how long traffic pass through ASM on your system?
  2. Did you upgrade your system? Statistics can be deleted in case of upgrade.
  3. Did you check different time periods (last week, last month, last year, custom)? Sometimes you don't see statistics for e.g. last two weeks in case of custom period, but you can see it in case of last month period and vice versa - it depends on when exactly we start to gather statistics, this is how aggregation mechanism works.

 

In general, we should store all statistics from day one and we don't have any limitation for reporting, like we do have in case of Event Log. We should have ability to store all statistics for several years without any problem, until it will be manually deleted or until upgrade will be executed.

 

Thanks, Ivan

0 Kudos

Priyesh_MP
Nimbostratus
Nimbostratus
In response to Ivan_Chernenkii

‎23-Jan-2020 02:26

Dear Ivan,

 

Good day to you!

 

Please find my answers below.

 

  1. For how long traffic pass through ASM on your system? --> Since 30th November 2019
  2. Did you upgrade your system? Statistics can be deleted in case of upgrade. --> No upgrade. We have restarted the ASM 1 or 2 times
  3. Did you check different time periods (last week, last month, last year, custom)? Sometimes you don't see statistics for e.g. last two weeks in case of custom period, but you can see it in case of last month period and vice versa - it depends on when exactly we start to gather statistics, this is how aggregation mechanism works. --> Yes I have checked with Last Year as well. It's showing reports from 22nd December 2019 only not from day one

 

Is there any document available, where it is saying that there is no limitation for storing reports?

 

Thank you.

 

Best Regards,

Priyesh MP

0 Kudos

Ivan_Chernenkii
F5 Employee
F5 Employee

‎23-Jan-2020 22:16

Hello Priyesh,

 

I am not sure that we have documentation about NO limit for reporting, but this is exact purpose of reporting - store huge amount of data during long period.

 

How many total requests do you have in events log and in reporting?

Do you have the same configuration from day one (the same policy, virtual server)? Did you get traffic from day one?

 

Thanks, Ivan

0 Kudos
Copyright © 2022 Khoros, LLC