https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56946#M12575 <P>I don't think its possible to see all headers/body, even with the log set to "Extended". To quote the help page:<BR />"Extended - Equivalent to the Detailed option, but also shows a full list of URLs and files in the connection or the session. The URLs and files show in the lower pane of the Logs view."<BR /><BR />Thread Prevention has the option to capture packets. You could try to write an IoC for this application and then set the appropriate log options for this protection.</P> Fri, 28 Jun 2019 11:39:44 GMT Benedikt_Weissl 2019-06-28T11:39:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56865#M12571 <P>Hello,</P><P>&nbsp;</P><P>We're using 80.20 and we have setup a HTTPS outbound filtering solution to secure our app in the cloud.</P><P>We're able to see in the logs : the URL, the User-Agent and X-Forwarded-For header. But not more !<BR />We would like to see the full body and all headers.<BR />Is-this possible ?</P><P>&nbsp;</P> Thu, 27 Jun 2019 15:28:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56865#M12571 sd 2019-06-27T15:28:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56888#M12572 Rules that match the relevant traffic must be set to log Extended (as opposed to Detailed or just Log). Thu, 27 Jun 2019 22:25:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56888#M12572 PhoneBoy 2019-06-27T22:25:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56935#M12573 <P>The rules matching are set to Extended. I'm viewing logs as an admin, is there a trick ?</P> Fri, 28 Jun 2019 08:09:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56935#M12573 sd 2019-06-28T08:09:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56946#M12575 <P>I don't think its possible to see all headers/body, even with the log set to "Extended". To quote the help page:<BR />"Extended - Equivalent to the Detailed option, but also shows a full list of URLs and files in the connection or the session. The URLs and files show in the lower pane of the Logs view."<BR /><BR />Thread Prevention has the option to capture packets. You could try to write an IoC for this application and then set the appropriate log options for this protection.</P> Fri, 28 Jun 2019 11:39:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56946#M12575 Benedikt_Weissl 2019-06-28T11:39:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56992#M12574 We certainly do not log the full body of the request.<BR />We do log certain headers for sure, but possibly not all of them.<BR />Can you provide some context as to why the information is needed/relevant? Fri, 28 Jun 2019 21:30:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-do-you-log-HTTPS-headers-and-body/m-p/56992#M12574 PhoneBoy 2019-06-28T21:30:51Z