Hi! We are having a problem regarding audit message action logging:
In order to verify FalsePositives we have to analyse all details of the blocked request. Unfortunately the standard error message doesn't provide very detailed information concerning the malicious input data, especially for HTTP-Headers. Hence we want to log all details of the blocked request to the log file. By means of an "AuditMessageAction" we are able to do this for HTTP-Headers, but not for FormData of the request.
“HTTP.REQ.FULL_HEADER.LENGTH.GE(0) + "ALL_REQUEST_HEADERS" + HTTP.REQ.FULL_HEADER”
Additional we want to include the TroubleShooting-IDs
into the log entries, so that we are able to retrieve all information of the blocked request by a single SysLog- Query.
Any ideas how to achieve this?