Forum Discussion
Request Logging - Session Cookie only
Hit a bit of a snag here. I'm using request logging profiles to log any and all web traffic.
We have a case where we need to log the $Cookie header. Easy enough to just say "$Cookie" in the template field. The problem is, it logs every single cookie field. I only need the session cookie. Is there a way to do this with request logging templates?
try below sample
create host entry in f5 for email gateway
mail.ae - 10.1.122.13
cp /config/user_alert.conf /config/user_alert.conf.SOL3727
modify /sys outbound-smtp mailhub mail.ae:25
save /sys config
echo "ssmtp test mail" | mail -vs "Test email for SOL13180" abc@mail.ae
create /sys management-route 10.1.122.13/32 gateway 10.x.x.1
echo "ssmtp test mail" | mail -vs "f5 test mail" abc@mail.ae
tmsh restart /sys service alertd
Full pool email alert
custome pool email alerts
==================
user alert file
vi /config/user_alert.conf
alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_DOWN "Pool (.*?) member (.*?):(.*?) monitor status (.*?)." {
email toaddress="netsec@mail..ae"
fromaddress="primarybox@mail.ae"
body="A pool member went down"
}
alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_UP "Pool (.*?) member (.*?):(.*?) monitor status up." {
email toaddress="netsec@mail.ae"
fromaddress="primarybox@mail.ae"
body="A pool member came back up"
}
4 Replies
Andrew,
Years ago there was a feature request for logging a specific cookie via a request log profile tracked as ID455091 but I can't find any information that implies it was adopted into a future release.
Can you try the following syntax in your template?
${Cookie[first]}
• Where 'first' is the name of your cookie.
Best,
Andrew
Andrew,
That did it! Thanks, appreciate the support here. Was losing my mind over this.
That one should probably get documented. Couldn't find any information regarding how to break up a header.
Thanks again.
Best,
Andrew
Andrew,
I'll work internally here at F5 to get some K article in the works detailing the feature.
Best,
Andrew
Andrew-F5 not sure if you put the K article together, but what I've found is you can extract what you observe in the header. For example, if I use a Cookie=$[Set-Cookie} it logs all cookies with the Set-Cookie value in the response including the attributes which is super helpful.
Example:
Cookie=ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, ASP.NET_SessionId=oeevlmocqptxwilyqx1b52ig; path=/; HttpOnly; SameSite=Lax, _op_aixPageId=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828; path=/; HttpOnly, DEV-Cookie=1295065098.64288.0000; path=/; Httponly; Secure.
In addition, there was a Trace ID that is injected in which I did a Trace_ID=${X-OPNET-Transaction-Trace}, yielded:
Trace_ID=1278498b-aa71-48f5-b684-247fd2bf4d03-6812-3828
My only challenge is formatting at this point to make it easy for our Splunk engineers.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com