Best way to capture entire HTTP payload?

Hi,

I'm trying to write an iRule that - in an event of a request that was blocked by ASM - would capture the entire HTTP payload and send it to a remote syslog server, for further analysis. However I am not quite sure what is the best way of capturing the payload - I tried using HTTP::payload, but for some reason it fails to capture the payload if it exceeds a certain (very small in fact) size, and I haven't been able to find a setting that controls it.

So I am thinking that I must be doing it wrong, but I didn't find a good example of the right way to capture the entire payload.

This is (roughly) what my iRule looks like:

when HTTP_REQUEST { set hsl [HSL::open -proto UDP -pool remote_syslog] ... set http_payload [HTTP::payload] log local0.error "Payload is $http_payload" ... }

when ASM_REQUEST_DONE {

HSL::send $hsl $ASMError

}

This is a payload that it successfully capture in its entirety:

   
   
      test
      test
      test
      test
      test
      test
      test
      test
      test
      test
      test
   

But when using the following payload (with an addition of a single element), $http_payload remains completely empty:

   
   
      test
      test
      test
      test
      test
      test
      test
      test
      test
      test
      test
      test
   

Any idea what I'm doing wrong? What is the best way of capturing the whole payload?