
HTTP Plugin

Jacob van Walraven edited this page Feb 28, 2020 · 8 revisions

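The HTTP plugin captures HTTP request and response packets and exports the following fields from the HTTP response packet. As the example shows, the exported record also carries the request's method, path and headers, with header names and values for both sides; if sensitive headers (for example Authorization or Cookie) are exported the same way, access to the output should be restricted accordingly.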

    "flow_id": 10820,
    "source": {
      "ip": "",
    "destination": {
      "ip": "",
    "http": {
      "request": {
        "method": "POST",
        "path": "/v1.php",
        "headers": {
          "Host": "",
          "Connection": "close",
          "Accept-Encoding": "gzip, deflate",
          "Accept": "*/*",
          "SOAPAction": "\"\"",
          "Content-Type": "text/xml; charset=utf-8",
          "Content-Length": "668"
      "response": {
        "code": 200,
        "headers": {
          "Date": "Fri, 28 Feb 2020 01:31:35 GMT",
          "Server": "Apache/2.4.25 (Debian)",
          "Vary": "Accept-Encoding",
          "Content-Encoding": "gzip",
          "Content-Length": "519",
          "Connection": "close",
          "Content-Type": "text/xml; charset=utf-8"
    "module": "http",
    "timestamp": 1582853495000

Configuration Example:

  # HTTP module
  # NOTE(review): the key that opens this section is not shown in this example;
  # take it from the project's sample configuration.
    # 1 presumably enables the plugin (0 to disable) — confirm against the sample configuration
    enabled: 1
    # timeout (seconds) after which a request that has not received a response is flushed
    # NOTE(review): the page does not say whether a flushed request is exported or discarded — confirm
    timeout_request: 20
    # interval (seconds) between checks for timed-out requests that have no response
    timeout_check: 20