Forum Discussion
3 Replies
- Simon_BlakelyEmployee
Because the Events table in the ASM mysql database has a limited number of rows, if you have a lot of events, older events can be aggregated with a representative event or deleted out of the database prior to review.
What you are seeing is the result of this.
You need to make a judgement call based on the number of events (low) and the nature of the violation, or review the suggestions on a more regular basis (before the actual events have expired).
- shinchan-f5Cirrus
Hi Simon,
Is there a KB article associated to this behavior.
thank you
- Ivan_ChernenkiiEmployee
Hello Gabriella,
Is local logging enabled on your VS?
Do you have "Illegal requests only" or "Log all requests" logging profile on your VS?
It could be suggestions for totally legal requests or for legal requests with staging violations, which weren't logged locally. To make it log locally you need to select appropriate logging profile.
Also, if these requests were deleted (manually or automatic), then you won't see them.
About limit of local logging - you can look at https://support.f5.com/csp/article/K37655278: "By default, the local log storage is finite with a maximum capacity of 3 million records stored across all BIG-IP ASM security policies and 2 GB in database table size."
Thanks, Ivan