Where to find raw HTTP Request for ASM violations?
Where can I find the raw HTTP Request that is logged with ASM violations?
The version that is printed to the browser in Security->Event Logs->Application->Requests appears to be inserting a Replacement Character at the location of (presumably) a multibyte UTF-8 character. If I cut and paste the text from the browser, it contains a UTF-8 Left-to-Right Embedding character and the Replacement Character (with words in between). But I'm guessing that Replacement Character is not what the client actually sent, just what I'm ending up with after it's been processed by the web stack.
I have explored the underlying MySQL database a little and the violation itself is logged in PRX.REQUEST_LOG, but the HTTP Request that gets shown when I browse in the web UI is not in that table, nor do I see it in any other table in PRX. It's in the database somewhere, because I can string match it in ibdata1.
Does anyone know which table stores the HTTP Request raw data for ASM violations?
Is there any documentation for the schema of the databases in MySQL on the F5 (DCC, PLC, PRX, WIZ)?