You can collect and store L7 records, which are individual messages or transactions that occurred over L7 protocols. The examples in this guide will show you how to collect records for any device that sends or receives an HTTP response. First, we will write a trigger to collect information from the built-in HTTP record type. Then, we will assign the trigger to a web server. Finally, we will verify that the records are being sent to the recordstore.
Before you beginThese instructions assume some familiarity with ExtraHop Triggers. New users can learn about triggers in the Triggers Walkthrough.
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- Click the System Settings icon , and then click Triggers.
- Click Create.
In the Create Trigger pane, complete your information,
similar to the following example:
Name: HTTP Responses
Description: This trigger collects HTTP responses.
Enable debug log: Select the checkbox to enable debugging.
In the right pane, type the following example code:
HTTP.commitRecord() debug ("committing HTTP responses")
This code generates records for the HTTP record type when the HTTP_RESPONSE event occurs and corresponds to the built-in record format for HTTP.
- Click Save and Close.
- Click Assets from the top menu and then click Devices in the left pane.
- Search for an active web server that you want to collect records for. For this example, we will select a web server called web-sea-example.
- Select the checkbox next to the web server (such as web-sea-example).
- Click Assign Trigger from the menu above the table.
From the list, select the checkbox next to the trigger we previously created
named HTTP Responses, and then click Assign Triggers.
Records that meet your criteria are now sent to your recordstore.
- Click Records from the top menu to start a query. If you do not see any HTTP records, wait a few minutes and try again. If no records appear after five minutes, review your configuration or contact ExtraHop Support.