Hit a bit of a snag here. I'm using request logging profiles to log any and all web traffic.
We have a case where we need to log the $Cookie header. Easy enough to just say "$Cookie" in the template field. The problem is, it logs every single cookie field. I only need the session cookie. Is there a way to do this with request logging templates?
Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.
Can you try the following syntax in your template?
Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.
Can you try the following syntax in your template?
@Andrew-F5 not sure if you put the K article together, but what I've found is you can extract what you observe in the header. For example, if I use a Cookie=$[Set-Cookie} it logs all cookies with the Set-Cookie value in the response including the attributes which is super helpful. Example: Cookie=ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, _op_aixPageId=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828; path=/; HttpOnly, DEV-Cookie=1295065098.64288.0000; path=/; Httponly; Secure. In addition, there was a Trace ID that is injected in which I did a Trace_ID=${X-OPNET-Transaction-Trace}, yielded: Trace_ID=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828
My only challenge is formatting at this point to make it easy for our Splunk engineers.
