Forum Discussion

neeeewbie's avatar
neeeewbie
Icon for MVP rankMVP
Aug 13, 2025
Solved

Is it possible to properly log protobuf?

I'm currently receiving decoded traffic in span mode.
However, content-type: application/proto is not logged properly.
Is there a way to resolve this issue?

application delivery
devops
security
  • Jeffrey_Granier's avatar
    Jeffrey_Granier
    Aug 14, 2025
    when HTTP_REQUEST {
    # Check for Protobuf content-type
    if {[HTTP::header "Content-Type"] contains "application/proto"} {
        # Collect the payload (up to 1MB; adjust size if needed, but beware of performance impact)
        HTTP::collect [HTTP::header "Content-Length"]
    }
}

when HTTP_REQUEST_DATA {
    # Convert binary payload to hex for logging
    set payload [HTTP::payload]
    binary scan $payload H* hex_payload
    log local0. "Protobuf Payload (Hex): $hex_payload | Client IP: [IP::client_addr] | URI: [HTTP::uri]"
    
    # Optional: Release the payload to continue processing
    HTTP::release
}

    Hello,

     

    You would need to have the traffic sent through a VIP to apply an irule that could potentially do some conversion etc.. I have not tested this so please do this in a non-prod environment!   I highly recommend checking out our F5 AI Assistant Introduces iRules Code Generation for BIG-IP | F5 !

4 Replies

  • Jeffrey_Granier's avatar
    Jeffrey_Granier
    Icon for Employee rankEmployee
    Aug 14, 2025
    when HTTP_REQUEST {
    # Check for Protobuf content-type
    if {[HTTP::header "Content-Type"] contains "application/proto"} {
        # Collect the payload (up to 1MB; adjust size if needed, but beware of performance impact)
        HTTP::collect [HTTP::header "Content-Length"]
    }
}

when HTTP_REQUEST_DATA {
    # Convert binary payload to hex for logging
    set payload [HTTP::payload]
    binary scan $payload H* hex_payload
    log local0. "Protobuf Payload (Hex): $hex_payload | Client IP: [IP::client_addr] | URI: [HTTP::uri]"
    
    # Optional: Release the payload to continue processing
    HTTP::release
}

    Hello,

     

    You would need to have the traffic sent through a VIP to apply an irule that could potentially do some conversion etc.. I have not tested this so please do this in a non-prod environment!   I highly recommend checking out our F5 AI Assistant Introduces iRules Code Generation for BIG-IP | F5 !

      • Jeffrey_Granier's avatar
        Jeffrey_Granier
        Icon for Employee rankEmployee
        Aug 19, 2025

        Its best to reach out to your F5 Account Team/SE on getting AI assistant setup, its currently free 😀 You can also paste in previous iRules and ask the assistant to explain its functions, very helpful when taking over iRules that others have written

         

  • neeeewbie's avatar
    neeeewbie
    Icon for MVP rankMVP
    Aug 18, 2025

    Thank you for sharing your knowledge.
    I checked this iRule. To reduce errors, check the Content-Length before using HTTP::collect.