https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154244#M387005 <HTML><HEAD></HEAD><BODY><P>Hello David,</P><P></P><P>Unfortunetely the log keyword used there will only tell you that a match has been done, it will no go any further by specifing the variables used&nbsp; in the HTTP POST.</P><P></P><P>As far as I know there is no such command to accomplish that on the ASA, You could try with an AIP-SSM in conjuction with the ASA and besides genering an alert also generating a packet-capture so you could analize each of the POST TCP HTTP to your server</P><P></P><P>Regards,</P><P></P><P>Julio Carvajal </P><P></P><P>Remember to rate all of the helpful posts</P></BODY></HTML> Tue, 05 Mar 2013 01:50:35 GMT Julio Carvajal 2013-03-05T01:50:35Z https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154243#M387003 <P>Hello dear all,</P><P></P><P>I need to log HTTP post request to webserver standing behind asa firewall, BUT I need to log variables that are inside the post request. I am able to match method post and request body that contains the request and the variables itself but the log file only shows the message about the match not the request body itself.</P><P></P><P>!</P><P>regex matchall "."</P><P>!</P><P>class-map type regex match-any Logregex</P><P> match regex matchall</P><P>!</P><P>class-map type inspect http match-all Loginspect</P><P> match request body regex class Logregex</P><P>!</P><P><SPAN style="font-size: 10pt;">policy-map type inspect http HTTP_POST_GET</SPAN></P><P> parameters</P><P> match request method post</P><P>&nbsp; log</P><P> match request method get</P><P>&nbsp; log</P><P> class Loginspect</P><P>&nbsp; log</P><P>!</P><P></P><P>This config produces fllowing syslog messages:</P><P>for post</P><P>%ASA-5-415009: HTTP - matched request method post in policy-map HTTP_POST_GET, method matched from</P><P>same for get and body</P><P></P><P>Any advise would be very welcome, including just a link to a material to read.</P><P>Thanks in advance.</P> Tue, 26 Mar 2019 00:50:18 GMT https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154243#M387003 David Tsulaia 2019-03-26T00:50:18Z https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154244#M387005 <HTML><HEAD></HEAD><BODY><P>Hello David,</P><P></P><P>Unfortunetely the log keyword used there will only tell you that a match has been done, it will no go any further by specifing the variables used&nbsp; in the HTTP POST.</P><P></P><P>As far as I know there is no such command to accomplish that on the ASA, You could try with an AIP-SSM in conjuction with the ASA and besides genering an alert also generating a packet-capture so you could analize each of the POST TCP HTTP to your server</P><P></P><P>Regards,</P><P></P><P>Julio Carvajal </P><P></P><P>Remember to rate all of the helpful posts</P></BODY></HTML> Tue, 05 Mar 2013 01:50:35 GMT https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154244#M387005 Julio Carvajal 2013-03-05T01:50:35Z https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154245#M387007 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">Unfortunately packet capture is not the option, because it requires more resuources than available on the receiving end and the POST caputure/analysis is not one-time thing. Plus we have no AIP-SSM at our disposal =)))</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Thanks for the reply.</SPAN></P></BODY></HTML> Wed, 06 Mar 2013 09:13:43 GMT https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154245#M387007 David Tsulaia 2013-03-06T09:13:43Z https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154246#M387008 <HTML><HEAD></HEAD><BODY><P>Hello David,</P><P></P><P>Yes, then I do not see a way to do this <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Hey man my pleasure to help,</P><P></P><P>Regards,</P></BODY></HTML> Wed, 06 Mar 2013 16:32:21 GMT https://community.cisco.com/t5/network-security/asa-http-post-logging/m-p/2154246#M387008 Julio Carvajal 2013-03-06T16:32:21Z