Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

how long days f5 can store asm policy audit logs ?

neeeewbie
MVP
MVP

hi guys 

 

how long days f5 can store asm policy audit logs ?

I found asm can stored 3M logs 

but I can't find any documents relate to asm policy audti log 

please let me know if you have some documents ! 

 

thank you 

4 REPLIES 4

Hello neeeewbie.

"By default, the local log storage is finite with a maximum capacity of 3 million records stored across all BIG-IP ASM security policies and a maximum database table size of 2 GB on virtual systems and 5 GB on physical systems."

https://support.f5.com/csp/article/K37655278

I bet audit logs are included in this sizing.

 

Regards,
Dario.

thank you for your warm attention 

I mean this audit log located at Security ›› Application Security : Audit : Log

do you know about that ?

Hello neeewbie.

As I mentioned, I bet audit logs are included in this sizing 😊

 

Regards,
Dario.

AlexBCT
MVP
MVP

Hi Neeeewbie, 

The ASM audit logs are indeed stored in /var/log, rather than in the database. (When you view the Audit log within ASM, it filters specific messages from /var/log/asm). As such, you're limited to however much space you've got on the /var/log partition and what the retention policy for the /var/log files are. I believe they are kept for 24 days by default (just checked, on my system I indeed have 24 files) but depends on the disk space as well as some other things. See here for more details: 

https://support.f5.com/csp/article/K13367

Hope this helps.