Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
13.0.0, 12.1.2 HF1, 11.6.4
Opened: Nov 11, 2016 Severity: 3-Major
During a period where a lot of data is logged (such as the loading of a large configuration), audit_forwarder can use up a large amount of memory.
The excessive memory usage may result in processes getting restarted. Once the logging is done, audit_forwarder will not release all of the used memory.
audit_forwarder is used with config.auditing.forward.type set to either "none" or "radius" and config.auditing set to "verbose" or "all".
Setting config.auditing value to "enable" or "disable" will slow or stop the excessive memory usage.
Prevented audit_forwarder from using more memory than it needs.