Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
Jul 01, 2021

How can I exclude a cookie from being logged to the external log server

Hi;

 

With an AWAF Logging Profile for the purpose of sending Request log messages to a Splunk Server, how can I log all headers except a cookie?

 

 

Kindly

Wasfi

ASM Advanced WAF
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Jul 01, 2021

    Hi Wasfi,

     

    you could mask the cookie value in the logs. The process is described in K52154401.

    It should look similar to this:

     

    KR

    Daniel

  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Jul 01, 2021

    Hi Wasfi,

     

    you could mask the cookie value in the logs. The process is described in K52154401.

    It should look similar to this:

     

    KR

    Daniel

  • Wasfi_Bounni's avatar
    Wasfi_Bounni
    Icon for Cirrocumulus rankCirrocumulus
    Jul 01, 2021

    Thank you Daniel. Although my intention is not to log the Cookie due to its length, not due to its private content. It is consuming most of the log message.

     

    Would masking it reduce its length too?

    • Daniel_Wolf's avatar
      Daniel_Wolf
      Icon for MVP rankMVP
      Jul 02, 2021

      Nothing that comes to my mind instantaneously. Maybe a filter on the log server rather than on the BIG-IP?

  • Wasfi_Bounni's avatar
    Wasfi_Bounni
    Icon for Cirrocumulus rankCirrocumulus
    Jul 04, 2021

    Not sure if we need to log headers, would you think this can be enabled upon trouble-shooting. There are multiple cookies and their size is massive.