Forum Discussion
4 Replies
Sort By
- hooleylistCirrostratusHi Tal,
when HTTP_RESPONSE { only look for TS cookies if it's a response to the specific client if {[IP::addr [IP::client_addr] equals 1.2.3.4]}{ loop through cookie names foreach aCookie [HTTP::cookie names] { log cookie names and values that start with TS if { $aCookie starts_with "TS"}{ log local0. "client: [IP::client_addr] has cookie $aCookie=[HTTP::cookie value $aCookie]" } } } }
- Tal_BenHaim_112NimbostratusHello Aaron,
- hooleylistCirrostratusThat's correct. Here's a version that logs just one entry with the URI and cookie
when HTTP_REQUEST { if {[IP::addr [IP::client_addr] equals 195.250.33.253]}{ set uri [HTTP::uri] } } when HTTP_RESPONSE { only look for TS cookies if it's a response to the specific client if {[info exists uri]}{ loop through cookie names foreach aCookie [HTTP::cookie names] { log cookie names and values that start with TS if { $aCookie starts_with "TS"}{ log local0. "client: [IP::client_addr] received cookie $aCookie=[HTTP::cookie value $aCookie] in response to request for $uri" } } } }
- Tal_BenHaim_112NimbostratusHello Aaron,