Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

How to ensure BIG-IQ can keep log from F5 AWAF for 90 day?

Go to solution
kridsana
Cirrocumulus
Cirrocumulus

‎10-Feb-2023 03:54

Hi,

I config F5 AWAF logging profile to send all request to BIG-IQ
How to ensure BIG-IQ can keep log from F5 AWAF for 90 day? 

Should I need to modify some default configuration on BIG-IQ CM? or just left it at default?

Kridsana

config data logging.PNGconfig retention.PNG

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Sebastiansierra
MVP
MVP

‎13-Feb-2023 06:51 - edited ‎13-Feb-2023 06:51

Hi @kridsana,

You have to configure the retention policy configured in in the CM, 

Sebastiansierra_1-1676299818184.png

 

You have to click in Configure Retention, then configure the parameter  "Keep daily data up to "  90 , the necessary days you have to save the information.

Sebastiansierra_0-1676299749943.png

Hope it´s work.

 

 

View solution in original post

5 REPLIES 5

Go to solution
Sebastiansierra
MVP
MVP

‎13-Feb-2023 06:51 - edited ‎13-Feb-2023 06:51

Hi @kridsana,

You have to configure the retention policy configured in in the CM, 

Sebastiansierra_1-1676299818184.png

 

You have to click in Configure Retention, then configure the parameter  "Keep daily data up to "  90 , the necessary days you have to save the information.

Sebastiansierra_0-1676299749943.png

Hope it´s work.

 

 

Go to solution
kridsana
Cirrocumulus
Cirrocumulus
In response to Sebastiansierra

‎20-Feb-2023 09:22

Hi @Sebastiansierra 

Sorry for late reply. I just open the case and support told me that I need to config on below menu

index count.PNG

By changing  the Rotation type in asmindex (asm event log in my case) to "Time based" and set Rotation period to "90" day, 

Now I'm not sure though. 😅
Should I do both? What is your retention policy configuration meaning?
Kridsana

0 Kudos

Go to solution
Sebastiansierra
MVP
MVP
In response to kridsana

‎21-Feb-2023 10:01

Hi @kridsana,

There are two different things, first, the rotation is used to keep the logs for a period of days, and the other determines the amount of storage dedicated to saving the logs for this period, take in mind that you can configure 90 days but if at the day 80, the storage is full the system will delete the oldest files to save the new logs, so you have to configure both, and additional you have to monitor the storage configured to adjust the value for the 90 days required.

Hope it´s work.

0 Kudos

Go to solution
kridsana
Cirrocumulus
Cirrocumulus
In response to Sebastiansierra

‎21-Feb-2023 11:26

Hi @Sebastiansierra 

So If I want to config BIG-IQ to keep log for 90 days. I need to
1. Config Rotation type to Time based and value 90 days.
2. resize disk space in /var for enough log in 90 day. (/var for event asm log)

I don't need to config Retention policy to 90 day, Am I correct?

0 Kudos

Go to solution
Leslie_Hubertus
Community Manager
Community Manager

‎13-Feb-2023 21:35

@kridsana - I'm going to mark @Sebastiansierra 's reply as an Accepted Solution to make it clear to future users looking for the same answer. 🙂

Copyright © 2023 Khoros, LLC