HTTP Plugin
Jacob van Walraven edited this page Mar 2, 2020
·
8 revisions
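The HTTP plugin captures HTTP request/response packets and exports the following fields from the HTTP response packet. Because every header in the request and the response is exported, values such as Authorization, Cookie and Set-Cookie appear in the output whenever they are present in the captured traffic, so treat the exported records as sensitive data.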
{
"flow_id": 10820,
"source": {
"ip": "xxx.xxx.xxx.xxx",
},
"destination": {
"ip": "yyy.yyy.yyy.yyy",
},
"http": {
"request": {
"method": "POST",
"path": "/v1.php",
# ALL HEADERS CONTAINED IN THE REQUEST WILL BE WITHIN HEADERS
"headers": {
"Host": "host10.api.somedomain.com",
"Connection": "close",
"Accept-Encoding": "gzip, deflate",
"Accept": "*/*",
"SOAPAction": "\"http://api.somedomain.com/v1.php\"",
"Content-Type": "text/xml; charset=utf-8",
"Content-Length": "668"
}
},
"response": {
"code": 200,
# ALL HEADERS CONTAINED IN THE RESPONSE WILL BE WITHIN HEADERS
"headers": {
"Date": "Fri, 28 Feb 2020 01:31:35 GMT",
"Server": "Apache/2.4.25 (Debian)",
"Vary": "Accept-Encoding",
"Content-Encoding": "gzip",
"Content-Length": "519",
"Connection": "close",
"Content-Type": "text/xml; charset=utf-8"
}
}
},
"module": "http",
"timestamp": 1582853495000
}
# HTTP module
# Configuration for the HTTP plugin, which exports one record per captured HTTP request/response.
http:
# 1 turns the plugin on; presumably 0 turns it off (confirm against the plugin source)
enabled: 1
# timeout to flush old requests that have not received a response (seconds)
# NOTE(review): this page does not say whether a flushed request is still exported
# (without a response section) or silently dropped; confirm before relying on the
# output to cover requests that never received a response.
timeout_request: 20
# how often to check for timed out requests with no response (seconds)
# NOTE(review): because the check is periodic, a request can presumably stay pending
# for longer than timeout_request (up to roughly timeout_request + timeout_check); confirm.
timeout_check: 20