I config F5 AWAF logging profile to send all request to BIG-IQ
How to ensure BIG-IQ can keep log from F5 AWAF for 90 day?
Should I need to modify some default configuration on BIG-IQ CM? or just left it at default?
Solved! Go to Solution.
Sorry for late reply. I just open the case and support told me that I need to config on below menu
By changing the Rotation type in asmindex (asm event log in my case) to "Time based" and set Rotation period to "90" day,
Now I'm not sure though. 😅
Should I do both? What is your retention policy configuration meaning?
There are two different things, first, the rotation is used to keep the logs for a period of days, and the other determines the amount of storage dedicated to saving the logs for this period, take in mind that you can configure 90 days but if at the day 80, the storage is full the system will delete the oldest files to save the new logs, so you have to configure both, and additional you have to monitor the storage configured to adjust the value for the 90 days required.
Hope it´s work.