Bug ID 719024: DCD devices storage exhaustion when using non-large VM configuration size

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IQ Web App Security (ASM)(all modules)

Opened: May 08, 2018

Severity: 3-Major

Symptoms

BIG-IQ has built-in size boundaries for different ElasticSearch indexes. Those settings might not prevent the storage from being filled with events and alerts when using the non-large VM configuration.

Impact

The disk might get filled.

Conditions

The issue happens when Data Collection Devices are configured to use ASM services and the non-large VM configuration is chosen. F5 downloads site offers two VM configurations for each supported hypervisor - non-large and large. The large configuration name contains the LARGE string.

Workaround

Consider changing the default configuration under System >> BIG-IQ Data Collection Cluster >> Logging Data Collection.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips