HTTP Gleaning Overview
The device sensor is used to gather endpoint data from network devices. The endpoint information helps to complete the profiling capability of devices. Profiling is the process of determining the endpoint type based on the information gleaned from various protocol packets from an endpoint during its connection to a network. The HTTP Gleaning feature allows the device sensor to extract the HTTP packet type, length, value (TLV) to get information about the type of the end device.
User-Agent is one such TLV that contains information such as end-device operating system details and the browser used for the operation. This information is gleaned by the device sensor. The device classifier can use this information to ascertain the device type.
HTTP User-Agent requires the following functionalities to support HTTP gleaning.
HTTP packet handler
HTTP packet header parser
HTTP TLV gleaner (DSensor shim)
Device sensors use filters to include or exclude specific TLVs to be stored by the device sensor cache. The filter configuration is a two-step process.
Creating a protocol filter list.
Applying the protocol filter list to the filter specification.
The protocol filter list is a protocol-specific list that stores the list of TLVs that are configured as part of this list. You can configure any number of filter lists for a single protocol.
HTTP supports only one type of TLV. Hence, a filter list does not exist. HTTP gleaning is enabled by default. To stop the processing of HTTP TLVs by the device sensor, use the device-sensor filter-spec http command.