"By default, the local log storage is finite with a maximum capacity of 3 million records stored across all BIG-IP ASM security policies and a maximum database table size of 2 GB on virtual systems and 5 GB on physical systems."
I bet audit logs are included in this sizing.
The ASM audit logs are indeed stored in /var/log, rather than in the database. (When you view the Audit log within ASM, it filters specific messages from /var/log/asm). As such, you're limited to however much space you've got on the /var/log partition and what the retention policy for the /var/log files are. I believe they are kept for 24 days by default (just checked, on my system I indeed have 24 files) but depends on the disk space as well as some other things. See here for more details:
Hope this helps.