Forum Discussion
9 Replies
Sort By
- Cassalom_58315NimbostratusHi,
- JRahmAdminUse HTTP::payload length in both events to log this information, or just log both in the response:
when HTTP_REQUEST { set request_length [HTTP::payload length] } when HTTP_RESPONSE { log local0. "Request Size: $request_length, Response Size: [HTTP::payload length]" }
- Shruti_Malik_84Nimbostratus
- hooleylistCirrostratusI think the discrepancy you're seeing is because the HTTP::payload length command is giving the bytes of the payload. It does not include the length of the headers. So you're seeing the length of the request as 0 because there were only headers in the request.
- JRahmAdminTCP::payload length would include the http headers and the http payload, if applicable.
- hooleylistCirrostratusHey Citizen,
- JRahmAdminGood point. Would doing a string length on HTTP::request work? I'm grasping at straws, here... :-)
- If it's HTTP, then you can likely use the Content-Length header that the browser and server send to indicate the total length of the upcoming payload.
when HTTP_REQUEST { set request_length [HTTP::header "Content-Length"] } when HTTP_RESPONSE { log local0. "Request Size: $request_length, Response Size: [HTTP::header Content-Length]" }
- hooleylistCirrostratusYeah, I would think adding the HTTP::request and HTTP::payload would do it...