Best way to capture entire HTTP payload?
Hi,
I'm trying to write an iRule that - in an event of a request that was blocked by ASM - would capture the entire HTTP payload and send it to a remote syslog server, for further analysis. However I am not quite sure what is the best way of capturing the payload - I tried using HTTP::payload, but for some reason it fails to capture the payload if it exceeds a certain (very small in fact) size, and I haven't been able to find a setting that controls it.
So I am thinking that I must be doing it wrong, but I didn't find a good example of the right way to capture the entire payload.
This is (roughly) what my iRule looks like:
when HTTP_REQUEST { set hsl [HSL::open -proto UDP -pool remote_syslog] ... set http_payload [HTTP::payload] log local0.error "Payload is $http_payload" ... }
when ASM_REQUEST_DONE {
HSL::send $hsl $ASMError
}
This is a payload that it successfully capture in its entirety:
test
test
test
test
test
test
test
test
test
test
test
But when using the following payload (with an addition of a single element), $http_payload remains completely empty:
test
test
test
test
test
test
test
test
test
test
test
test
Any idea what I'm doing wrong? What is the best way of capturing the whole payload?