High Speed Logging in Access policy for Okta SAML
Hi All,
I am looking at logging specific HTTP headers to a Remote syslog server via High Speed logging
I only want to log the Headers however on the Initial ACL pass and HTTP request to try to limit the amount of syslog messaages for each session. At the moment it sends syslog messages for every time the URL is used in the browser but I really only want to log the HTTP headers once....
I have the following irule
when RULE_INIT {
set static::debug 0
}
when ACCESS_ACL_ALLOWED {
set oktaUser [ACCESS::session data get "session.saml.last.identity"]
if { $static::debug } { log local0. "id is $oktaUser" }
if { !([HTTP::header exists "OKTA_USER"]) } {
HTTP::header insert "OKTA_USER" $oktaUser
}
set oktaFirstName [ACCESS::session data get "session.saml.last.attr.name.FirstName"]
if { $static::debug } { log local0. "id is $oktaFirstName" }
if { !([HTTP::header exists "OKTA_FIRSTNAME"]) } {
HTTP::header insert "OKTA_FIRSTNAME" $oktaFirstName
}
set oktaLastName [ACCESS::session data get "session.saml.last.attr.name.LastName"]
if { $static::debug } { log local0. "id is $oktaLastName" }
if { !([HTTP::header exists "OKTA_LASTNAME"]) } {
HTTP::header insert "OKTA_LASTNAME" $oktaLastName
}
set oktaCity [ACCESS::session data get "session.saml.last.attr.name.City"]
if { $static::debug } { log local0. "id is $oktaCity" }
if { !([HTTP::header exists "OKTA_CITY"]) } {
HTTP::header insert "OKTA_CITY" $oktaCity
}
set hsl [HSL::open -publisher /Common/hslsyslog]
set logEntry ""
foreach x [HTTP::header names] {
append logEntry "$x:[HTTP::header value $x]"
}
HSL::send $hsl "$logEntry"
}
Any Ideas on how I can limit the HSL messages down to reduce chatter ?
Cheers
GeoffG