Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to ensure BIG-IQ can keep log from F5 AWAF for 90 day?

kridsana
Cirrocumulus
Cirrocumulus

Hi,

I config F5 AWAF logging profile to send all request to BIG-IQ
How to ensure BIG-IQ can keep log from F5 AWAF for 90 day? 

Should I need to modify some default configuration on BIG-IQ CM? or just left it at default?

Kridsana

config data logging.PNGconfig retention.PNG

1 ACCEPTED SOLUTION

Hi @kridsana,

You have to configure the retention policy configured in in the CM, 

Sebastiansierra_1-1676299818184.png

 

You have to click in Configure Retention, then configure the parameter  "Keep daily data up to "  90 , the necessary days you have to save the information.

Sebastiansierra_0-1676299749943.png

Hope it´s work.

 

 

View solution in original post

5 REPLIES 5

Hi @kridsana,

You have to configure the retention policy configured in in the CM, 

Sebastiansierra_1-1676299818184.png

 

You have to click in Configure Retention, then configure the parameter  "Keep daily data up to "  90 , the necessary days you have to save the information.

Sebastiansierra_0-1676299749943.png

Hope it´s work.

 

 

Hi @Sebastiansierra 

Sorry for late reply. I just open the case and support told me that I need to config on below menu

index count.PNG

By changing  the Rotation type in asmindex (asm event log in my case) to "Time based" and set Rotation period to "90" day, 

Now I'm not sure though. 😅
Should I do both? What is your retention policy configuration meaning?
Kridsana

Hi @kridsana,

There are two different things, first, the rotation is used to keep the logs for a period of days, and the other determines the amount of storage dedicated to saving the logs for this period, take in mind that you can configure 90 days but if at the day 80, the storage is full the system will delete the oldest files to save the new logs, so you have to configure both, and additional you have to monitor the storage configured to adjust the value for the 90 days required.

Hope it´s work.

Hi @Sebastiansierra 

So If I want to config BIG-IQ to keep log for 90 days. I need to
1. Config Rotation type to Time based and value 90 days.
2. resize disk space in /var for enough log in 90 day. (/var for event asm log)

I don't need to config Retention policy to 90 day, Am I correct?

Leslie_Hubertus
Community Manager
Community Manager

@kridsana - I'm going to mark @Sebastiansierra 's reply as an Accepted Solution to make it clear to future users looking for the same answer. 🙂