SumoLogic/logstash-output-sumologic

Invalid cookie header: "Set-Cookie: AWSALB

Closed this issue · 9 comments

I have Logstash containers in my VM, sending logs to Sumologic.
It seems my Logstash container outputs one message per log sent to Sumologic.

WARNING: Invalid cookie header: "Set-Cookie: AWSALB=[COOKIE GOES HERE]; Expires=Mon, 22 Apr 2019 17:37:58 GMT; Path=/". Invalid 'expires' attribute: Mon, 22 Apr 2019 17:37:58 GMT

Expected Behavior

Such messages should not be visible in the logs

Current Behavior

A multitude of:
Invalid cookie header: "Set-Cookie: AWSALB=[COOKIE GOES HERE]; Expires=Mon, 22 Apr 2019 17:37:58 GMT; Path=/". Invalid 'expires' attribute: Mon, 22 Apr 2019 17:37:58 GMT

Context

  • Logstash Version: 6.6.2
  • Logstash Docker Image: docker.elastic.co/logstash/logstash:6.6.2
  • My output configuration is described below
      sumologic {
        url => "https://collectors.jp.sumologic.com/receiver/v1/http/<SECRET_TOKEN>"
        format => "%{@json}"
        source_category => "prod/server/shared/logs"
        source_host => "sumo-logstash"
      }

Did some research, and it looks like it's because ALB has too restrictive a check on the time format. Looking into whether we can do some fix on the client side or not.

Thank you for the quick response! Appreciate your help :)

@Mk811 is it possible to try adding :cookies => false in your config and see if it's resolved?
I think there is no reason to keep cookies when talking to an HTTP source, so maybe it's a reasonable change. If it works, I may add it as the default setting (currently it is true by default).

@bin3377
Great, thank you so much!! I haven't seen any "Set-Cookie: AWSALB" logs for 30 mins after I restarted Logstash configured with the following output.
Just a note: I removed the : from your suggestion and used cookies => false.
I appreciate your help!

      sumologic {
        url => "https://collectors.jp.sumologic.com/receiver/v1/http/<SECRET_TOKEN>"
        format => "%{@json}"
        source_category => "prod/server/shared/logs"
        source_host => "sumo-logstash"
+       cookies => false
      }

Thanks for the confirmation!
You can keep that setting for now, and I will change the default value in the next release so the extra setting is not required in the future.

  # 2. Get organization.id
  http {
    url => "https://anypoint.mulesoft.com/accounts/api/me"
    verb => GET
    headers => {
      Authorization => "Bearer %{access_token}"
    }
    cookies => false
  }

### Even after setting the above (cookies => false), I am getting the error below:

[2020-11-03T23:16:42,329][ERROR][logstash.codecs.json     ] JSON parse error, original data now in message field {:error=>#<LogStash::Json::ParserError: Unrecognized token 'invalid': was expecting ('true', 'false' or 'null')
 at [Source: (String)"invalid csrf token"; line: 1, column: 8]>, :data=>"invalid csrf token"}
[2020-11-03T23:16:42,734][ERROR][logstash.filters.http    ] error during HTTP request {:url=>"https://anypoint.mulesoft.com/accounts/api/me", :code=>401, :response=>"Unauthorized"}

I am also getting the same error; I added cookies=>false in the header.

[2020-11-26T18:24:36,896][ERROR][logstash.codecs.json ] JSON parse error, original data now in message field {:error=>#<LogStash::Json::ParserError: Unrecognized token 'invalid': was expecting ('true', 'false' or 'null')
at [Source: (String)"invalid csrf token"; line: 1, column: 8]>, :data=>"invalid csrf token"}
{
"message" => "invalid csrf token",
"@timestamp" => 2020-11-26T12:54:36.898Z,
"@Version" => "1",
"tags" => [
[0] "_jsonparsefailure"
]
}

Hi pankajmangal2007
is it resolved?

Yes, it is resolved for me; I added the line below:

cookies => "false"