Request Logging - Session Cookie only

Andrew_Nascimen
Nimbostratus

Hit a bit of a snag here. I'm using request logging profiles to log any and all web traffic.

We have a case where we need to log the $Cookie header. Easy enough to just say "$Cookie" in the template field. The problem is, it logs every single cookie field. I only need the session cookie. Is there a way to do this with request logging templates?

1 ACCEPTED SOLUTION

Andrew-F5
F5 Employee

Andrew,

Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.

Can you try the following syntax in your template?

${Cookie[first]}

• Where 'first' is the name of your cookie.

Best,

Andrew

Andrew,

That did it! Thanks, appreciate the support here. Was losing my mind over this.

That one should probably get documented. Couldn't find any information regarding how to break up a header.

Thanks again.

Best,

Andrew

Andrew,

I'll work internally here at F5 to get some K article in the works detailing the feature.

Best,

Andrew

jba3126
Cirrus

@Andrew-F5 not sure if you put the K article together, but what I've found is you can extract what you observe in the header. For example, if I use Cookie=${Set-Cookie}, it logs all cookies with the Set-Cookie value in the response, including the attributes, which is super helpful.
Example:
Cookie=ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, _op_aixPageId=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828; path=/; HttpOnly, DEV-Cookie=1295065098.64288.0000; path=/; Httponly; Secure.
In addition, there was a Trace ID that is injected, for which I did Trace_ID=${X-OPNET-Transaction-Trace}, which yielded:
Trace_ID=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828

My only challenge is formatting at this point to make it easy for our Splunk engineers.
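
One way to handle the formatting step described in the last post, as an added example that is not from the thread or from F5: it splits the comma-joined Set-Cookie value into one JSON event per cookie, records the Secure/HttpOnly/SameSite attributes, and indexes a short SHA-256 digest in place of the cookie value so a session token does not sit in the log index in clear text. The function names, the digest length and the sample line are assumptions made for this example.

```python
import hashlib
import json
import re

# Split only on commas that start a new "name=" pair; the comma inside an
# Expires date ("Wed, 21 Oct ...") is not followed by "token=" and is kept.
_COOKIE_SPLIT = re.compile(r",\s*(?=[^;,=\s]+=)")

def parse_set_cookie_field(logged):
    """Turn the comma-joined Set-Cookie log value into one record per cookie."""
    records = []
    # Assumption: a trailing "." is sentence punctuation, as in the post above.
    for raw in _COOKIE_SPLIT.split(logged.strip().rstrip(".")):
        parts = [p.strip() for p in raw.split(";") if p.strip()]
        name, _, value = parts[0].partition("=")
        attrs = {}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
        records.append({
            "name": name,
            # A digest still correlates requests from one session, but is not
            # a replayable token if the index is read by someone else.
            "value_sha256": hashlib.sha256(value.encode()).hexdigest()[:16],
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
            "samesite": attrs.get("samesite") or None,
        })
    return records

def to_events(log_line, field="Cookie="):
    """Return one JSON string per cookie found after `field` in a log line."""
    _, _, logged = log_line.partition(field)
    return [json.dumps(r, sort_keys=True) for r in parse_set_cookie_field(logged)]

# Constructed sample in the format shown above (all values are made up).
SAMPLE = ("Cookie=ASP.NET_SessionId=s3ss10nTOKEN; path=/; HttpOnly; SameSite=Lax, "
          "pref=dark; Expires=Wed, 21 Oct 2026 07:28:00 GMT; path=/, "
          "DEV-Cookie=1.2.0000; path=/; Httponly; Secure.")

if __name__ == "__main__":
    for event in to_events(SAMPLE):
        print(event)
```

A cookie whose event shows "secure": false or "httponly": false is one to raise with the application owner.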