08-Nov-2019 10:43
Hit a bit of a snag here. I'm using request logging profiles to log any and all web traffic.
We have a case where we need to log the $Cookie header. Easy enough to just say "$Cookie" in the template field. The problem is, it logs every single cookie field. I only need the session cookie. Is there a way to do this with request logging templates?
Solved! Go to Solution.
11-Nov-2019 09:02
Andrew,
Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.
Can you try the following syntax in your template?
${Cookie[first]}
• Where 'first' is the name of your cookie.
Best,
Andrew
11-Nov-2019 09:02
Andrew,
Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.
Can you try the following syntax in your template?
${Cookie[first]}
• Where 'first' is the name of your cookie.
Best,
Andrew
11-Nov-2019 11:04
Andrew,
That did it! Thanks, appreciate the support here. Was losing my mind over this.
That one should probably get documented. Couldn't find any information regarding how to break up a header.
Thanks again.
Best,
Andrew
11-Nov-2019 11:10
Andrew,
I'll work internally here at F5 to get some K article in the works detailing the feature.
Best,
Andrew
15-Feb-2023 07:29
@Andrew-F5 not sure if you put the K article together, but what I've found is you can extract what you observe in the header. For example, if I use a Cookie=$[Set-Cookie} it logs all cookies with the Set-Cookie value in the response including the attributes which is super helpful.
Example:
Cookie=ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, _op_aixPageId=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828; path=/; HttpOnly, DEV-Cookie=1295065098.64288.0000; path=/; Httponly; Secure.
In addition, there was a Trace ID that is injected in which I did a Trace_ID=${X-OPNET-Transaction-Trace}, yielded:
Trace_ID=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828
My only challenge is formatting at this point to make it easy for our Splunk engineers.