diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf
index cc31923..ffc6625 100644
--- a/bin/tsg_log_field.conf
+++ b/bin/tsg_log_field.conf
@@ -111,3 +111,6 @@ STRING		common_app_behavior	99
 STRING		http_url	100
 STRING		common_app_identify_info	101
 STRING		app_extra_info	102
+STRING	http_request_body	103
+STRING	http_response_body	104
+STRING	mail_eml_file	105
diff --git a/inc/tsg_label.h b/inc/tsg_label.h
index 6ce52cd..51fb96e 100644
--- a/inc/tsg_label.h
+++ b/inc/tsg_label.h
@@ -165,4 +165,20 @@ struct application_behavior
 	char *stream_behavior;
 };
 
+struct http_s3_file
+{
+	char *request_filename;
+	char *response_filename;
+};
+
+struct business_notify_data
+{
+	tsg_protocol_t proto;	//enum _tsg_protocol (tsg_types.h)
+	union
+	{		
+		struct http_s3_file *s3_http;
+		void *pdata;
+	};
+};
+
 #endif
diff --git a/inc/tsg_send_log.h b/inc/tsg_send_log.h
index e0f3abf..e65d433 100644
--- a/inc/tsg_send_log.h
+++ b/inc/tsg_send_log.h
@@ -7,6 +7,14 @@
 #define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
 #endif
 
+enum DO_LOG
+{
+	LOG_ABORT=0,
+	LOG_ALL=1,	
+	LOG_NOFILE=2,
+};
+
+
 typedef	struct _tsg_log
 {
 	int result_num;
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 0dc054f..046ed0f 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -2269,8 +2269,6 @@ extern "C" int TSG_MASTER_INIT()
 	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE");
 	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
 	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT");
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_BEHAVIOR_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR");
 
 	for(i=0; i<BRIDGE_TYPE_MAX; i++)
 	{
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 210172b..8bef010 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -143,9 +143,7 @@ enum BRIDGE_TYPE
 {
 	BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
 	BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
-	BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT,
 	BRIDGE_TYPE_APP_IDENTIFY_RESULT,
-	BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
 	BRIDGE_TYPE_MAX
 };
 
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index d686207..b6922d5 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -1231,6 +1231,49 @@ static int set_user_region(struct tsg_log_instance_t *_instance, struct TLD_hand
 	return 0;
 }
 
+static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
+{
+	struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
+	if(notify_mail!=NULL && notify_mail->pdata.mail_eml_filename!=NULL)
+	{
+		TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name, (void *)notify_mail->pdata.mail_eml_filename, TLD_TYPE_STRING);
+		return 1;
+	}
+
+	return 0;
+}
+
+
+static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
+{
+	struct business_notify_data *bnd_label=(struct business_notify_data *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]);
+	if(bnd_label==NULL || bnd_label->pdata==NULL)
+	{
+		return 0;
+	}
+	
+	switch(bnd_label->proto)
+	{
+		case	PROTO_HTTP:
+			TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);				
+			TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name);
+
+			if(bnd_label->s3_http==NULL)
+			{
+				break;
+			}
+
+			TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name, bnd_label->s3_http->request_filename, TLD_TYPE_STRING);				
+			TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name, bnd_label->s3_http->response_filename, TLD_TYPE_STRING);
+			break;
+		default:
+			break;
+	}
+
+	return 1;
+}
+
 int set_nat_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, int project_id)
 {
 	const char *nat_linkinfo=(const char *)stream_bridge_async_data_get(a_stream, project_id);
@@ -1488,7 +1531,7 @@ int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_ha
 	}
 	
 	struct application_behavior *behavior_result=NULL;
-	behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_APP_BEHAVIOR_RESULT]);
+	behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]);
 	if(behavior_result==NULL)
 	{
 		return 0;
@@ -1508,7 +1551,7 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
 	
 	int i=0;
 	struct tsg_notify_execution_result *execution_result=NULL;
-	execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT]);
+	execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]);
 	if(execution_result==NULL)
 	{
 		return 0;
@@ -1619,7 +1662,6 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand
 	return 0;
 }
 
-
 int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream)
 {
 	int ret=0;
@@ -1649,7 +1691,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
 	set_packet_bytes(_instance, _handle, a_stream);	
 	set_session_attributes(_instance, _handle, a_stream);
 	set_lua_scripts_result(_instance, _handle, a_stream);
-		
+	
 	if(is_tunnels(a_stream))
 	{
 		set_common_tunnels(_instance, _handle, a_stream);
@@ -1805,7 +1847,10 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	MESA_load_profile_string_def(conffile, "TSG_LOG", "LINKINFO_FROM_MAC", bridge_name[LOG_BRIDGE_MAC_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_MAC_LINKINFO]), "mirror_linkinfo_from_mac");
 	MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_C2S_LINKINFO", bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO]), "common_link_info_c2s");
 	MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_S2C_LINKINFO", bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO]), "common_link_info_s2c");
-	MESA_load_profile_string_def(conffile, "TSG_LOG", "APP_LUA_SCRIPTS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_LUA_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_LUA_RESULT]), "LUA_USER_DEFINED_ATTRIBUTE");
+	MESA_load_profile_string_def(conffile, "TSG_LOG", "APP_LUA_SCRIPTS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_LUA_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_LUA_RESULT]), "LUA_USER_DEFINED_ATTRIBUTE");	
+	MESA_load_profile_string_def(conffile, "TSG_LOG", "BUSINESS_S3_FILENAME", bridge_name[LOG_BRIDGE_BUSINESS_S3_FILENAME], sizeof(bridge_name[LOG_BRIDGE_BUSINESS_S3_FILENAME]), "TSG_BUSINESS_S3_FILENAME");
+	MESA_load_profile_string_def(conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT]), "TSG_APPLICATION_BEHAVIOR");
+	MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT], sizeof(bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]), "TSG_NOTIFICATION_EXECUTION_RESULT");
 
 	for(i=0; i<LOG_BRIDGE_MAX; i++)
 	{
@@ -2057,8 +2102,19 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 				continue;
 				break;
 			case	LOG_ALL:
+				if(log_msg->result[i].action==TSG_ACTION_MONITOR)
+				{
+					set_s3_filename(_instance, _handle, log_msg->a_stream);
+					set_mail_eml(_instance, _handle, log_msg->a_stream);
+				}
 				break;
 			case	LOG_NOFILE:
+				if(log_msg->result[i].action==TSG_ACTION_MONITOR)
+				{					
+					TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
+					TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);				
+					TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name);
+				}
 				break;
 			default:
 				break;
diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h
index dae4fb5..60201f2 100644
--- a/src/tsg_send_log_internal.h
+++ b/src/tsg_send_log_internal.h
@@ -17,12 +17,6 @@ enum _SEND_MODE
 	KAFKA=1,
 };
 
-enum _DO_LOG
-{
-	LOG_ABORT=0,
-	LOG_NOFILE=1,
-	LOG_ALL=2
-};
 
 typedef enum _tsg_log_field_id
 {
@@ -128,6 +122,9 @@ typedef enum _tsg_log_field_id
 	LOG_HTTP_URL,
 	LOG_COMMON_APP_IDENTIFY_INFO,
 	LOG_COMMON_APP_EXTRACT_INFO,
+	LOG_COMMON_HTTP_REQUEST_S3_FILE,
+	LOG_COMMON_HTTP_RESPONSE_S3_FILE,
+	LOG_COMMON_MAIL_EML_FILE,
 	LOG_COMMON_MAX
 }tsg_log_field_id_t;
 
@@ -163,6 +160,9 @@ enum LOG_BRIDGE
 	LOG_BRIDGE_NAT_C2S_LINKINFO,
 	LOG_BRIDGE_NAT_S2C_LINKINFO,
 	LOG_BRIDGE_APP_LUA_RESULT,
+	LOG_BRIDGE_BUSINESS_S3_FILENAME,
+	LOG_BRIDGE_APP_BEHAVIOR_RESULT,
+	LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT,
 	LOG_BRIDGE_MAX
 };