Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IQ Web App Security (ASM)
Opened: May 08, 2018
Severity: 3-Major
BIG-IQ has built-in size boundaries for different ElasticSearch indexes. Those settings might not prevent the storage from being filled with events and alerts when using the non-large VM configuration.
The disk might get filled.
The issue happens when Data Collection Devices are configured to use ASM services and the non-large VM configuration is chosen. The F5 downloads site offers two VM configurations for each supported hypervisor: non-large and large. The name of the large configuration contains the string LARGE.
Consider changing the default configuration under System >> BIG-IQ Data Collection Cluster >> Logging Data Collection.
None