Forum Discussion

Gabriella's avatar
Gabriella
Icon for Altocumulus rankAltocumulus
Nov 25, 2019

ASM - No sample found in requests list

Hi all,

I found a lot of entry in Traffic Learning like the one below, but I cannot trace back to the original request, so I cannot analyze it and choose to delete or accept it. Any advice?

 

 

3 Replies

  • Because the Events table in the ASM mysql database has a limited number of rows, if you have a lot of events, older events can be aggregated with a representative event or deleted out of the database prior to review.

    What you are seeing is the result of this.

     

    You need to make a judgement call based on the number of events (low) and the nature of the violation, or review the suggestions on a more regular basis (before the actual events have expired).

    • shinchan-f5's avatar
      shinchan-f5
      Icon for Cirrus rankCirrus

      Hi Simon,

      Is there a KB article associated to this behavior.

      thank you

  • Hello Gabriella,

     

    Is local logging enabled on your VS?

    Do you have "Illegal requests only" or "Log all requests" logging profile on your VS?

    It could be suggestions for totally legal requests or for legal requests with staging violations, which weren't logged locally. To make it log locally you need to select appropriate logging profile.

    Also, if these requests were deleted (manually or automatic), then you won't see them.

     

    About limit of local logging - you can look at https://support.f5.com/csp/article/K37655278: "By default, the local log storage is finite with a maximum capacity of 3 million records stored across all BIG-IP ASM security policies and 2 GB in database table size."

     

    Thanks, Ivan