
Beard_126011
Jul 29, 2015

Cookie Counting

Hi, I'm looking for someone who could kindly point me in the right direction to produce an iRule that will, for each request, count the number of cookies that exist in that request and log the following information:

- IP address
- Total number of cookies in the request
- User Agent

 

Thanks

 

4 Replies

  • Try this:

    when HTTP_REQUEST { 
        log local0. "IP: [IP::client_addr], Cookies: [HTTP::cookie count], UA: [HTTP::header User-Agent]"
    }
    
  • Great, that's achieved exactly what I asked for, thank you... If I wanted to go one step further and only log one log entry per session, rather than creating a log entry for every single request, is this achievable?

     

  • That presents a special problem with regard to HTTP as a stateless protocol. Since any single HTTP request is atomic and indistinguishable from any other request, you have to employ state mechanisms outside the original protocol specification to be able to correlate multiple HTTP requests. The absolute easiest option here is an HTTP cookie. You could set a cookie on first HTTP request and then look for it in subsequent requests.

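    when HTTP_REQUEST {
        # No marker cookie yet: treat this as the first request of the session and log it once
        if { not ( [HTTP::cookie exists MySiteCookie] ) } {
            set setcookie 1
            log local0. "IP: [IP::client_addr], Cookies: [HTTP::cookie count], UA: [HTTP::header User-Agent]"
        }
    }
    when HTTP_RESPONSE {
        # Set the marker cookie on the response to that first request
        if { ( [info exists setcookie] ) and ( $setcookie == 1 ) } {
            HTTP::cookie insert name MySiteCookie value 1 path "/"
            # Clear the flag so later responses on a keep-alive connection do not re-insert the cookie
            unset setcookie
        }
    }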
    
  • If by "session", you mean TCP connection, there is an alternate way to accomplish this:

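        when CLIENT_ACCEPTED {
            # Identify the TCP connection by client address and source port
            set client "[IP::client_addr]:[TCP::client_port]"
        }

        when HTTP_REQUEST {
            # Accumulate the cookie count across every request on this connection
            if { ![info exists ccount] } {
                set ccount [HTTP::cookie count]
            } else {
                incr ccount [HTTP::cookie count]
            }

            # Remember the most recent User-Agent seen on the connection
            if { [HTTP::header exists User-Agent] } {
                set ua [HTTP::header User-Agent]
            }
        }

        when SERVER_CLOSED {
            # Fall back to an empty User-Agent if the client never sent one
            if { ![info exists ua] } {
                set ua ""
            }

            # Single log entry written when the connection closes
            log local0. "Client: ($client), Cookies: ($ccount), UA: ($ua)"
        }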
    

    This assumes that the User-Agent doesn't change over the lifetime of the TCP connection, which is generally a valid assumption.
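
An added example, not from the thread: a variant of the once-per-session logging discussed above that keeps the "already logged" state in the BIG-IP session table instead of in a cookie the client supplies, and cleans the User-Agent before it reaches the log. The subtable name `logged_clients`, the 1800-second idle timeout and the 256-character User-Agent cap are assumptions chosen for illustration.

```tcl
# Added example (not from the thread). Assumed values: subtable name
# "logged_clients", 1800-second idle timeout, 256-character User-Agent cap.
when HTTP_REQUEST {
    # Replace control characters and cap the length so the header value
    # cannot break the log line format or bloat the log and table key.
    regsub -all {[[:cntrl:]]} [HTTP::header User-Agent] "?" ua_safe
    set ua_safe [string range $ua_safe 0 255]

    # The session key uses only values the BIG-IP observes itself.
    # Each distinct address and User-Agent pair gets its own entry,
    # which expires after the idle timeout below.
    set key "[IP::client_addr]|$ua_safe"

    # table lookup returns an empty string when the key is absent or expired,
    # and refreshes the idle timer when the key is present.
    if { [table lookup -subtable logged_clients $key] eq "" } {
        # First request seen for this key: remember it, then log once.
        table set -subtable logged_clients $key 1 1800
        log local0. "IP: [IP::client_addr], Cookies: [HTTP::cookie count], UA: $ua_safe"
    }
}
```

Clients behind the same NAT address with the same User-Agent share one entry here, so this trades per-browser precision for state that the client cannot set or withhold.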