You can configure FortiWeb to retain packet payload information about XML protection rule violations in attack logs. Packet payloads provide part of the data that matches the regular expression specified in an XML protection rule that FortiWeb enforces. This data could help you improve regular expressions in XML protection rules by preventing false positives and analyzing attack behavior to harden security.
For details about retaining packet payload information, see Enabling log types, packet payload retention, & resource shortage alerts.
To retain packet payload information in attack logs
- Go to Log&Report > Log Config > Other Log Settings.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see Permissions.
- Under Retain Packet Payload For, enable XML Protection.
- Click Apply.