Disabling local logging on ASM
Hi,
I am having a few issues correctly configuring remote logging ( or rather completely disabling local logging) for ASM and was hoping someone here could point me in the right direction.
I have created a ‘remote only’ logging profile (no local storage) for illegal requests only and applied it to the policy – screenshots attached - so far so good, I can tail /var/log/syslog on the remote server and see illegal reqs being logged as intended.
Now that I have remote logging working fine I want to completely disable local logging to /var/log/asm to minimize disk I/O as we believe this might be causing performance degradation for a customer – I understand this should be achievable by unticking the ‘alarm’ box relative to the violation in the blocking mask and SOL11645 seems to be confirming this:
If both the Learn and Alarm flags are disabled for a certain violation, requests that trigger that violation are not logged by the system to the /var/log/asm file. These requests are logged to only the Reporting/Requests screen or, if the logging profile for the web application specifies a remote storage type, to the remote server.
However, in my tests, this doesn’t seem to work as per the solution article– if I enable Learn and Alarm in the blocking mask Illegal Requests are logged to both remote syslog and /var/log/asm, I I disable Learn and Alarm in the blocking mask Illegal Requests do not get logged at all – neither remote syslog or locally.
Is there another way to completely disable local logging (/var/log/asm) or am I missing something here?
Thanks in advance for any insight ..