Forum Discussion
GeoffG
Altostratus
AltostratusHigh Speed Logging in Access policy for Okta SAML
Hi All, I am looking at logging specific HTTP headers to a Remote syslog server via High Speed logging I only want to log the Headers however on the Initial ACL pass and HTTP request to t...
jaikumar_f5
Noctilucent
NoctilucentHaven't tried, but something like below, like setting a variable as 1 for a connection start. Till that connection is open, in its subsequent requests, the variable will be set to 0 post the first request.
But the problem is, for a session, there will be many sub tcp connections, if thats the case, this will not give you the exact method your looking for.
ltm rule HTTP-FIRST-REQUEST {
when CLIENT_ACCEPTED {
set unique_conn [string range [AES::key 256] 15 23]
set first_http 1
log local0. "Conn-ID=$unique_conn Client=[IP::client_addr] connection accepted. First HTTP value=$first_http"
}
when HTTP_REQUEST {
if { $first_http } {
set reqheader "Method=[HTTP::method] Host=[HTTP::host] URI=[HTTP::uri] Content-Length=$content_length"
log local0. "Client=[IP::client_addr] - Headers: $reqheader - First HTTP value=$first_http"
}
set first_http 0
}
when CLIENT_CLOSED {
log local0. "Conn-ID=$unique_conn Client=[IP::client_addr] connection closed. First HTTP value=$first_http"
}
}
