Forum Discussion

Andrew_Nascimen's avatar
Andrew_Nascimen
Icon for Nimbostratus rankNimbostratus
Nov 08, 2019
Solved

Request Logging - Session Cookie only

Hit a bit of a snag here. I'm using request logging profiles to log any and all web traffic.

 

We have a case where we need to log the $Cookie header. Easy enough to just say "$Cookie" in the template field. The problem is, it logs every single cookie field. I only need the session cookie. Is there a way to do this with request logging templates?

  • Andrew,

     

    Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.

     

    Can you try the following syntax in your template?

    ${Cookie[first]}

    • Where 'first' is the name of your cookie.

     

    Best,

    Andrew

4 Replies

  • Andrew,

     

    Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.

     

    Can you try the following syntax in your template?

    ${Cookie[first]}

    • Where 'first' is the name of your cookie.

     

    Best,

    Andrew

    • Andrew_Nascimen's avatar
      Andrew_Nascimen
      Icon for Nimbostratus rankNimbostratus

      Andrew,

       

      That did it! Thanks, appreciate the support here. Was losing my mind over this.

       

      That one should probably get documented. Couldn't find any information regarding how to break up a header.

       

      Thanks again.

       

      Best,

       

      Andrew

      • Andrew-F5's avatar
        Andrew-F5
        Icon for Employee rankEmployee

        Andrew,

         

        I'll work internally here at F5 to get some K article in the works detailing the feature.

         

        Best,

        Andrew

  • Andrew-F5 not sure if you put the K article together, but what I've found is you can extract what you observe in the header.  For example, if I use a Cookie=$[Set-Cookie} it logs all cookies with the Set-Cookie value in the response including the attributes which is super helpful.
    Example:
    Cookie=ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, _op_aixPageId=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828; path=/; HttpOnly, DEV-Cookie=1295065098.64288.0000; path=/; Httponly; Secure.
    In addition, there was a Trace ID that is injected in which I did a Trace_ID=${X-OPNET-Transaction-Trace}, yielded:
    Trace_ID=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828

    My only challenge is formatting at this point to make it easy for our Splunk engineers.