Viewing packet payloads
If you enabled retention of packet payloads from FortiWeb’s HTTP parser for attack and traffic logs (see “Enabling log types, packet payload retention, & resource shortage alerts”), you can view a part of the payload as dissected by the HTTP parser, in table form, via the web UI.
Packet payload tables display the decoded packet payload that caused the associated log message. This supplements the log message by providing the actual data that triggered the regular expression, which may help you fine-tune your regular expressions to prevent false positives, or aid in forensic analysis.
To view a packet payload
1. Go to either Log&Report > Log Access > Attack or Log&Report > Log Access > Traffic.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see “Permissions”.
2. In the row corresponding to the log message whose packet payload you want to view, click the log message.
There may not be a Packet Log icon for every log message, such as for normal HTTP responses and attack types where you have not enabled packet payload retention.
In a frame below or to the right of the log messages (unless you have selected Detailed Information > Hidden from the menu bar), the log message appears in table format, as well as the decoded HTTP headers and packet payload. Parameters and file uploads are in either the URL or (for HTTP POST requests) Data fields. Cookies can be either in the Cookie or Data fields.