How can I exclude a cookie from being logged to the external log server

Question

Hi;&nbsp;With an AWAF Logging Profile for the purpose of sending Request log messages to a Splunk Server, how can I log all headers except a cookie?&nbsp;&nbsp;KindlyWasfi

daniel_wolf · Accepted Answer

Hi Wasfi,&nbsp;you could mask the cookie value in the logs. The process is described in K52154401.It should look similar to this:&nbsp;KRDaniel

wasfi_bounni · Answer

Thank you Daniel. Although my intention is not to log the Cookie due to its length, not due to its private content. It is consuming most of the log message.

Would masking it reduce its length too?

daniel_wolf · Answer

Nothing that comes to my mind instantaneously. Maybe a filter on the log server rather than on the BIG-IP?

wasfi_bounni · Answer

Not sure if we need to log headers, would you think this can be enabled upon trouble-shooting. There are multiple cookies and their size is massive.

Forum Discussion

How can I exclude a cookie from being logged to the external log server

4 Replies

Recent Discussions

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

google autenticator broken barcode

Related Content

iRule exclude URI

CSV to Address External Datagroup File

Decoding the IPv4 address from the persistence cookie

Cookie-based DDoS protection

Cookie Tampering Protection using F5 Distributed Cloud Platform