Forum Discussion

Tom_Thunem_9204's avatar
Icon for Nimbostratus rankNimbostratus
Oct 17, 2011

payload collection and logging




trying to capture the ENTIRE payload for a particular type of transaction. my review of devcentral had me trying a few different iterations of the rule.



when HTTP_RESPONSE { if { [HTTP::payload] contains "createAuthResponse" } { set content_length [HTTP::header "Content-Length"] HTTP::collect [HTTP::header $content-length] } } when HTTP_RESPONSE_DATA { log local0. "PAYLOAD - [HTTP::payload]" HTTP::release }



when HTTP_RESPONSE { if { [HTTP::payload] contains "createAuthResponse" } { log local0. "Before COLLECT statment" HTTP::collect [HTTP::header Content-Length] log local0. "After COLLECT statment" } } when HTTP_RESPONSE_DATA { log local0. "Logging payload" log local0. "PAYLOAD - [HTTP::payload]" log local0. "Done Logging payload" }



the log entries appear to be showing a truncated payload. how do i get the whole thing?




1 Reply

  • Hi Tom,



    Someone else reported a similar issue to yours. Read this thread and see if it helps you with your problem.





    Hope this helps!