How can I exclude a cookie from being logged to the external log server

Wasfi_Bounni · ‎01-Jul-2021

Hi;

With an AWAF Logging Profile for the purpose of sending Request log messages to a Splunk Server, how can I log all headers except a cookie?

Kindly

Wasfi

Daniel_Wolf · ‎01-Jul-2021

Hi Wasfi,

you could mask the cookie value in the logs. The process is described in K52154401.

It should look similar to this:

KR

Daniel

View solution in original post

Daniel_Wolf · ‎01-Jul-2021

Hi Wasfi,

you could mask the cookie value in the logs. The process is described in K52154401.

It should look similar to this:

KR

Daniel

Wasfi_Bounni · ‎01-Jul-2021

Thank you Daniel. Although my intention is not to log the Cookie due to its length, not due to its private content. It is consuming most of the log message.

Would masking it reduce its length too?

Daniel_Wolf · ‎02-Jul-2021

Nothing that comes to my mind instantaneously. Maybe a filter on the log server rather than on the BIG-IP?

Wasfi_Bounni · ‎04-Jul-2021

Not sure if we need to log headers, would you think this can be enabled upon trouble-shooting. There are multiple cookies and their size is massive.

DevCentral

How can I exclude a cookie from being logged to the external log server

Sep 26th, 2023
MFA required on DevCentral

DevCentral

How can I exclude a cookie from being logged to the external log server

Sep 26th, 2023MFA required on DevCentral

Sep 26th, 2023
MFA required on DevCentral