Tom_Thunem_9204
Oct 17, 2011Nimbostratus
payload collection and logging
Hello,
trying to capture the ENTIRE payload for a particular type of transaction. my review of devcentral had me trying a few different iterations of the rule.
when HTTP_RESPONSE { if { [HTTP::payload] contains "createAuthResponse" } { set content_length [HTTP::header "Content-Length"] HTTP::collect [HTTP::header $content-length] } } when HTTP_RESPONSE_DATA { log local0. "PAYLOAD - [HTTP::payload]" HTTP::release }
when HTTP_RESPONSE { if { [HTTP::payload] contains "createAuthResponse" } { log local0. "Before COLLECT statment" HTTP::collect [HTTP::header Content-Length] log local0. "After COLLECT statment" } } when HTTP_RESPONSE_DATA { log local0. "Logging payload" log local0. "PAYLOAD - [HTTP::payload]" log local0. "Done Logging payload" }
the log entries appear to be showing a truncated payload. how do i get the whole thing?
thanks