Forum Discussion
9 Replies
- Jad_Tabbara__J1Cirrostratus
Hello,
In fact you can use tcpdump but there is 2 problem with tcpdump :
1) If it is HTTPS, you will be forced to decrypted the traffic otherwise you will not view the request and response in clear text. 2) The second problem is that you must launched manually each time you want to capture traffic
My suggestion is to use irule to log all request and response header. This requires to have a VS with HTTP profile (Layer 7 VS "Standard").
You have to add an irule that will look like this one
Code when HTTP_REQUEST { set request "Client IP : [IP::client_addr] Host: [HTTP::host] [HTTP::method] [HTTP::uri]" } when HTTP_RESPONSE { set response "Status: [HTTP::status] Content-Type: [HTTP::header "Content-Type"] Content-Length: [HTTP::header "Content-Length"] " log local0. "Request --> $request Response --> $response" }
I think that you can find many example of more complete "debug-irule" or you can adapt it to your need
Hope that this helps
- Phong_Tang_7213Altostratus
Hi all,
 
I can use HTTP::collect & HTTP::payload to get full content https://clouddocs.f5.com/api/irules/HTTP__collect.html
 
But when I write to log by "log local0. "$payload". It's not enough content
 
May I write the $payload to a file on big-ip?
 
Thanks
 
Phong
 
- kunjanNimbostratus
To capture request POST you can try this.
when HTTP_REQUEST { if { [HTTP::method] equals "POST" } { catch { HTTP::collect [HTTP::header Content-Length] } } } when HTTP_REQUEST_DATA { log local0. "[HTTP::payload]" }
But I guess the option to troubleshoot for APM SSO, could be to use HTTPWatch or Fiddler.
- Phong_Tang_7213Altostratus
Thank kunjan
I can not touch the Client and Server so I must do on F5. The "log local0. "[HTTP::payload]"" can not log full HTTP payload to logging
Phong
- kunjan_118660Cumulonimbus
To capture request POST you can try this.
when HTTP_REQUEST { if { [HTTP::method] equals "POST" } { catch { HTTP::collect [HTTP::header Content-Length] } } } when HTTP_REQUEST_DATA { log local0. "[HTTP::payload]" }
But I guess the option to troubleshoot for APM SSO, could be to use HTTPWatch or Fiddler.
- Phong_Tang_7213Altostratus
Thank kunjan
I can not touch the Client and Server so I must do on F5. The "log local0. "[HTTP::payload]"" can not log full HTTP payload to logging
Phong
- oscarnet_69487Nimbostratus
HI you can use irule example
code when HTTP_REQUEST { set REQUEST_RECEIVE [clock clicks -milliseconds] set uri [HTTP::uri] set clientip [IP::client_addr] set clientport [TCP::client_port] } when HTTP_RESPONSE { set RESPONSE_RECEIVE [expr {[clock clicks -milliseconds] - $REQUEST_RECEIVE}] log local0. "Server response took longer than ms: $RESPONSE_RECEIVE . TCP connection from [IP::client_addr]:[TCP::client_port] to [LB::server addr]:[LB::server port].Requested URI is ${uri}" }
- kunjanNimbostratus
How about this:
when HTTP_REQUEST { if {[HTTP::method] eq "POST"}{ if {[HTTP::header "Content-Length"] ne "" { HTTP::collect [HTTP::header Content-Length] } else { HTTP::collect 20000 } } } when HTTP_REQUEST_DATA { log local0. "payload is [HTTP::payload]" }