How to ensure BIG-IQ can keep log from F5 AWAF for 90 day?

Question

Hi,I config F5 AWAF logging profile to send all request to BIG-IQHow to ensure BIG-IQ can keep log from F5 AWAF for 90 day?&nbsp;Should I need to modify some default configuration on BIG-IQ CM? or just left it at default?Kridsana

sebastiansierra · Accepted Answer

Hi&nbsp;kridsana,
You have to configure the retention policy configured in in the CM,&nbsp;

&nbsp;
You have to click in Configure Retention, then configure the parameter&nbsp; "Keep daily data up to "&nbsp; 90 , the necessary days you have to save the information.

Hope it´s work.
&nbsp;
&nbsp;

leslie_hubertus · Answer

kridsana&nbsp;- I'm going to mark&nbsp;Sebastiansierra&nbsp;'s reply as an Accepted Solution to make it clear to future users looking for the same answer. 🙂

kridsana · Answer

Hi&nbsp;Sebastiansierra&nbsp;Sorry for late reply. I just open the case and support told me that I need to config on below menuBy changing&nbsp; the Rotation type in asmindex (asm event log in my case) to "Time based" and set Rotation period to "90" day,&nbsp;Now I'm not sure though.&nbsp;😅Should I do both? What is your retention policy configuration meaning?Kridsana

sebastiansierra · Answer

Hi&nbsp;kridsana,
There are two different things, first, the rotation is used to keep the logs for a period of days, and the other determines the amount of storage dedicated to saving the logs for this period, take in mind that you can configure 90 days but if at the day 80, the storage is full the system will delete the oldest files to save the new logs, so you have to configure both, and additional you have to monitor the storage configured to adjust the value for the 90 days required.
Hope it´s work.

kridsana · Answer

Hi&nbsp;Sebastiansierra&nbsp;So If I want to config BIG-IQ to keep log for 90 days. I need to1. Config Rotation type to Time based and value 90 days.2. resize disk space in /var for enough log in 90 day. (/var for event asm log)I don't need to config Retention policy to 90 day, Am I correct?

Forum Discussion

How to ensure BIG-IQ can keep log from F5 AWAF for 90 day?

5 Replies

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

Security Best Practices for BIG-IP & BIG-IQ systems

Insufficient permissions BIG-IQ login error

Ensuring Security in Continuous Integration and Continuous Deployment (CI/CD) Pipelines

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

What is BIG-IQ?