ASM (11.6.0) policy doesn't log

Question

Hi,&nbsp;
i have imported a ASM policy from my lower environment to prod Version (both 11.6.0), after the policy update prod asm doesn't log anything in the event logs.i can see only the log prior to the update. It was working fine before. any thoughts to fix this?&nbsp;

kai_m__48813 · Answer

if the asm policy has been moved to a new virtual server, make sure the correct logging profile is attached.
it can be found on the policies tab on the virtual server.&nbsp;

vijith_182946 · Answer

From BIG-IP ASM 11.6 onward, F5 system no longer writes security events to syslog by default. So it does not log them locally to the /var/log/asm. You may enable the send_content_events parameter to bring back the logs. However F5 dont recommend to enable this. What you can do is to send the logs to remote logging server. https://support.f5.com/csp/article/K16053

Forum Discussion

ASM (11.6.0) policy doesn't log

2 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

LTM Policy

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Access policy, LTM policy and iRules