cancel
Showing results for 
Search instead for 
Did you mean: 

log entry cut off - max size for variable or log entry?

dirken
Nimbostratus
Nimbostratus

I am logging the Java Web Token (JWT) during an Oauth login. The iRule works in general, but the JWT is cut off after 890 characters.

Cannot find any reason for it, as log entries and variables should be able to hold more than that. Here's my iRule:

 

when HTTP_REQUEST {    if { [HTTP::header exists Authorization] and [HTTP::header Authorization] contains "Bearer" } {        set jwt [getfield [HTTP::header Authorization] " " 2]        log local0. "JWT: Client [IP::client_addr] arrived with JWT: $jwt"    } }
1 REPLY 1

Hello Dirken.

 

Take into account that log entries have a maximum size per message.

"The syslog facility is limited to logging 1024 bytes per request. Longer strings will be truncated."

REF - https://clouddocs.f5.com/api/irules/log.html

 

Possible solutions:

  1. Use HSL (https://clouddocs.f5.com/api/irules/HSL.html)
  2. Capture traffic using tcpdump and decrypt it later on

 

Regards,

Dario.

Regards,
Dario.