Jump to content


Photo

message action logging

Started by Patrick Schöberl , 15 March 2017 - 07:25 AM

Patrick Schöberl Members

Patrick Schöberl
  • 17 posts

Posted 15 March 2017 - 07:25 AM

Hi! We are having a problem regarding audit message action logging:

 

In order to verify FalsePositives we have to analyse all details of the blocked request. Unfortunately the standard error message doesn't provide very detailed information concerning the malicious input data, especially for HTTP-Headers. Hence we want to log all details of the blocked request to the log file. By means of an "AuditMessageAction" we are able to do this for HTTP-Headers, but not for FormData of the request.

“HTTP.REQ.FULL_HEADER.LENGTH.GE(0) + "ALL_REQUEST_HEADERS" + HTTP.REQ.FULL_HEADER”

Additional we want to include the TroubleShooting-IDs
• NS_TRANSACTION_ID
• NS_APPFW_SESSION_ID
into the log entries, so that we are able to retrieve all information of the blocked request by a single SysLog- Query.

Any ideas how to achieve this?

 

Thanks!

Patrick