Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Jamie_Ostrowsk1's avatar
Jamie_Ostrowsk1
Icon for Nimbostratus rankNimbostratus
Apr 11, 2019
Solved

HTTP request data missing from my logging profile results

BIGIP LTM version 13.0.1 I'm trying to set up a logging profile for our F5's so they will send request logs to a remote syslog server. Unfortunately even though I am able to see the packets bein...
application delivery
LTM
  • Jamie_Ostrowsk1's avatar
    Jamie_Ostrowsk1
    Apr 12, 2019

    After further testing, it turned out there was an invisible character pasted into the template that was causing the problem.

     

youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Apr 11, 2019

Hi Jamie,

 

Your problem is due to HSL Protocol. You have a size limit you can't exced 1024 bytes using UDP protocol (I already had the same problem using ASM logs)

 

You have to modify your "HSL Protocol" in your Request login profile: from UDP to TCP.

 

Important: The increased size limits apply only to messages sent to remote syslog server using an iRule and egressing a TMM interface. Messages sent to a remote syslog server directly from syslog will continue to be limited to 1024 bytes.

 

https://support.f5.com/csp/article/K8306?sr=36922430

 

For Info:

 

in the syslog protocol RFC Syslog have a 1KB message limit. This, and other deficiencies in the syslog protocol, is the reason why modern syslog daemons such as rsyslog support enhanced protocols with features such as TCP transport, encryption etc. There was also some effort within the IETF to standardize an improved syslog protocol, which resulted in RFC5424, RFC5425, and RFC 5426. Here, the minimum maximum message size is relatively small (depending on the transport layer), however implementations are allowed to support larger messages as well.

 

https://tools.ietf.org/html/rfc3164

 

Keep me in touch

 

regards