how long days f5 can store asm policy audit logs ?

neeeewbie · ‎20-Apr-2022

hi guys

I found asm can stored 3M logs

but I can't find any documents relate to asm policy audti log

please let me know if you have some documents !

thank you

Dario_Garrido · ‎21-Apr-2022

Hello neeeewbie.

"By default, the local log storage is finite with a maximum capacity of 3 million records stored across all BIG-IP ASM security policies and a maximum database table size of 2 GB on virtual systems and 5 GB on physical systems."

https://support.f5.com/csp/article/K37655278

I bet audit logs are included in this sizing.

Regards,
Dario.

neeeewbie · ‎21-Apr-2022

thank you for your warm attention

I mean this audit log located at Security ›› Application Security : Audit : Log

do you know about that ?

Dario_Garrido · ‎22-Apr-2022

Hello neeewbie.

As I mentioned, I bet audit logs are included in this sizing 😊

Regards,
Dario.

AlexBCT · ‎23-Apr-2022

Hi Neeeewbie,

The ASM audit logs are indeed stored in /var/log, rather than in the database. (When you view the Audit log within ASM, it filters specific messages from /var/log/asm). As such, you're limited to however much space you've got on the /var/log partition and what the retention policy for the /var/log files are. I believe they are kept for 24 days by default (just checked, on my system I indeed have 24 files) but depends on the disk space as well as some other things. See here for more details:

https://support.f5.com/csp/article/K13367

Hope this helps.

DevCentral

how long days f5 can store asm policy audit logs ?

Khoros Kudos Award 2022