Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

log entry cut off - max size for variable or log entry?

dirken
Nimbostratus
Nimbostratus

‎07-Sep-2021 03:54 - last edited on ‎04-Jun-2023 19:18 by Fog

I am logging the Java Web Token (JWT) during an Oauth login. The iRule works in general, but the JWT is cut off after 890 characters.

Cannot find any reason for it, as log entries and variables should be able to hold more than that. Here's my iRule:

when HTTP_REQUEST {

   if { [HTTP::header exists Authorization] and [HTTP::header Authorization] contains "Bearer" } {
       set jwt [getfield [HTTP::header Authorization] " " 2]
       log local0. "JWT: Client [IP::client_addr] arrived with JWT: $jwt"
   }
}
Labels:
0 Kudos
1 REPLY 1

Dario_Garrido
MVP
MVP

‎07-Sep-2021 11:26

Hello Dirken.

 

Take into account that log entries have a maximum size per message.

"The syslog facility is limited to logging 1024 bytes per request. Longer strings will be truncated."

REF - https://clouddocs.f5.com/api/irules/log.html

 

Possible solutions:

  1. Use HSL (https://clouddocs.f5.com/api/irules/HSL.html)
  2. Capture traffic using tcpdump and decrypt it later on

 

Regards,

Dario.

Regards,
Dario.
0 Kudos
Copyright © 2023 Khoros, LLC