In large customer environments, multiple users make changes to security policies. These policy changes occur in a central location, such as the BIG-IQ Web Application Security database, and not on individual BIG-IP ASM devices. To address possible concerns, the BIG-IQ system provides an audit log that records all traffic (users, times, events, and so on). Users who can access the BIG-IQ console (shell) have access to this file.
The BIG-IQ system records every change (every configuration change to a working-configuration object) in the audit log. A change is defined as: any object created, object deleted, or object modified. Thus, the audit log is an important tool for debugging and tracking changes to devices.
The audit log viewer in BIG-IQ Web Application Security displays these properties.
In high-availability (HA) configurations, each node maintains its own audit log. Entries are synced after the HA configuration is set. If you have entries on the primary node and then configure HA, the previously-generated entries on the primary will not be replicated to the standby node; new entries will be replicated.