MSZ (Nimbostratus)
Jan 18, 2016
ASM Logging
Kindly explain the following queries related to the logs:
What is the default size of the log file? After how many days does it rotate or compress the logs?
Kindly share some article or other information related to the ASM logs which are kept in the DB. What about legal requests and illegal requests, etc.?
Hello MSZ,
 
If running ASM v11.6+, you'll need to enable logging per SOL16053: BIG-IP ASM does not log security events locally by default in 11.6.0
 
For details on setting up ASM logging profiles I recommend John Wagnon's DevCentral article The BIG-IP Application Security Manager Part 10: Event Logging
 
Here's an example from my lab of the ASM logging an illegal Request violation using a URI with /%
 
Oct 18 09:22:34 bigipVE-25 crit perl[28921]: 01310038:2: [SECEV] Request violations: Evasion technique detected. HTTP protocol compliance sub violations: N/A. Evasion techniques sub violations: N/A. Web services security sub violations: Bad unescape. Virus name: N/A. Support id: 13697844613363007900, source ip: 192.168.100.143, xff ip: N/A, source port: 60132, destination ip: 192.168.201.140, destination port: 80, route_domain: 0, HTTP classifier: /Common/SSOPRD-RP, scheme HTTP, geographic location: , request: , username: , session_id: <59f78b16fc9d332>, violation_rate: 1
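To make the fields in a [SECEV] line like the one above usable for alerting (support id, source ip, violation name), here is a small parser as an added example; it is not code from this thread or from F5, and the field layout it assumes is the one in the quoted line (syslog header, sentence-style violation fields, then comma-separated "key: value" pairs). Treating a non-"N/A" "Request violations" value as an illegal request is this example's assumption.

```python
import re

# Constructed sample: the [SECEV] line quoted in the answer above.
SAMPLE = (
    "Oct 18 09:22:34 bigipVE-25 crit perl[28921]: 01310038:2: [SECEV] Request violations: "
    "Evasion technique detected. HTTP protocol compliance sub violations: N/A. Evasion "
    "techniques sub violations: N/A. Web services security sub violations: Bad unescape. "
    "Virus name: N/A. Support id: 13697844613363007900, source ip: 192.168.100.143, "
    "xff ip: N/A, source port: 60132, destination ip: 192.168.201.140, destination port: 80, "
    "route_domain: 0, HTTP classifier: /Common/SSOPRD-RP, scheme HTTP, geographic location: , "
    "request: , username: , session_id: <59f78b16fc9d332>, violation_rate: 1"
)

# Syslog header: timestamp, host, severity, process[pid], F5 message id, then the [SECEV] body.
HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<severity>\w+) "
    r"(?P<process>\S+): (?P<msg_id>[0-9A-Fa-f]+:\d+): \[SECEV\] (?P<body>.*)$"
)

def _key(name):
    """Normalise 'HTTP classifier' -> 'http_classifier' so keys are stable for a SIEM."""
    return name.strip().lower().replace(" ", "_")

def parse_secev(line):
    """Parse one ASM [SECEV] syslog line into a flat dict; raise ValueError otherwise."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not an ASM [SECEV] line")
    rec = {k: v for k, v in m.groupdict().items() if k != "body"}
    # First part: sentence-style fields ("Key: value.") up to "Support id:".
    head, _, tail = m.group("body").partition("Support id:")
    for sentence in head.split(". "):
        if sentence.strip():
            key, _, val = sentence.partition(":")
            rec[_key(key)] = val.strip().rstrip(".")
    # Second part: comma-separated "key: value" pairs ("scheme HTTP" has no colon).
    for field in ("Support id:" + tail).split(", "):
        key, colon, val = field.partition(":")
        if not colon:
            key, _, val = field.partition(" ")
        rec[_key(key)] = val.strip().strip("<>")
    return rec

def is_illegal(rec):
    """Assumption: a violation name other than N/A means ASM judged the request illegal."""
    return rec.get("request_violations", "N/A") not in ("", "N/A")

if __name__ == "__main__":
    event = parse_secev(SAMPLE)
    print(is_illegal(event), event["support_id"], event["source_ip"], event["request_violations"])
```

The support id in the parsed record is the value to hand to the ASM GUI or the DB-side event search when correlating an alert with the full request.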