How to record http body data

After reading the docs, i only found the way to record all the headers in http (by using dump-all-headers: both)
But in the source code of suricata output-json-http.c, i found some keyword like http_request_body or http_response_body in function EveHttpLogJSONBodyBase64
So i think it must be some ways to record all the body data in request or response
Verstion, 6.0.3
yaml configure uploaded
suricata.yaml (70.9 KB)
(the keywords like all-log、mac-log、url-suffix-filter、http-body-store in http section was come from others, but i don’t konw whether it work or not )


I don’t know if you mean this.

I use this configuration in the .yaml:

        - http:
            extended: yes     # enable this for extended logging information
            # custom allows additional HTTP fields to be included in eve-log.
            # the example below adds three additional fields when uncommented
            #custom: [Accept-Encoding, Accept-Language, Authorization]
            custom: [accept, accept-charset, accept-encoding, accept-language,
            accept-datetime, authorization, cache-control, cookie, from,
            max-forwards, origin, pragma, proxy-authorization, range, te, via,
            x-requested-with, dnt, x-forwarded-proto, accept-range, age,
            allow, connection, content-encoding, content-language,
            content-length, content-location, content-md5, content-range,
            content-type, date, etags, last-modified, link, location,
            proxy-authenticate, referrer, refresh, retry-after, server,
            set-cookie, trailer, transfer-encoding, upgrade, vary, warning,
            www-authenticate, x-flash-version, x-authenticated-user]
            # set this value to one and only one from {both, request, response}
            # to dump all HTTP headers for every HTTP request and/or response
            # dump-all-headers: none