diff --git a/config/config.go b/config/config.go index ad64be8f66c6..976d1501dd58 100644 --- a/config/config.go +++ b/config/config.go @@ -1,7 +1,6 @@ package config import ( - "github.com/BurntSushi/toml" "github.com/elastic/infrabeat/common/droppriv" "github.com/elastic/infrabeat/outputs" "github.com/elastic/packetbeat/procs" @@ -16,11 +15,11 @@ type Config struct { Procs procs.ProcsConfig RunOptions droppriv.RunOptions Logging Logging - Passwords Passwords Thrift Thrift Http Http Mysql Mysql Pgsql Pgsql + Redis Redis Geoip outputs.Geoip Udpjson Udpjson GoBeacon GoBeacon @@ -50,44 +49,55 @@ type Logging struct { Selectors []string } -type Passwords struct { - Hide_keywords []string - Strip_authorization bool -} - type Protocol struct { + Protocol string Ports []int Send_request bool Send_response bool } type Http struct { - Send_all_headers bool - Send_headers []string - Split_cookie bool - Real_ip_header string - Include_body_for []string + Send_all_headers *bool + Send_headers []string + Split_cookie *bool + Real_ip_header *string + Include_body_for []string + Hide_keywords []string + Strip_authorization *bool + Send_request *bool + Send_response *bool } type Mysql struct { - Max_row_length int - Max_rows int + Max_row_length *int + Max_rows *int + Send_request *bool + Send_response *bool } type Pgsql struct { - Max_row_length int - Max_rows int + Max_row_length *int + Max_rows *int + Send_request *bool + Send_response *bool } type Thrift struct { - String_max_size int - Collection_max_size int - Drop_after_n_struct_fields int - Transport_type string - Protocol_type string - Capture_reply bool - Obfuscate_strings bool + String_max_size *int + Collection_max_size *int + Drop_after_n_struct_fields *int + Transport_type *string + Protocol_type *string + Capture_reply *bool + Obfuscate_strings *bool Idl_files []string + Send_request *bool + Send_response *bool +} + +type Redis struct { + Send_request *bool + Send_response *bool } type Udpjson struct { @@ -103,6 +113,3 @@ type GoBeacon struct { // Config Singleton var ConfigSingleton Config - -// Config metadata singleton -var ConfigMeta toml.MetaData diff --git a/filters_runner.go b/filters_runner.go index 5a0c90de466c..1e98f9a6a853 100644 --- a/filters_runner.go +++ b/filters_runner.go @@ -77,7 +77,8 @@ func LoadConfiguredFilters(config map[string]interface{}) ([]filters.FilterPlugi return nil, fmt.Errorf("No such filter type and no corresponding configuration: %s", filter) } } else { - plugin_config, ok := cfg.(map[string]interface{}) + logp.Debug("filters", "%v", cfg) + plugin_config, ok := cfg.(map[interface{}]interface{}) if !ok { return nil, fmt.Errorf("Invalid configuration for: %s", filter) } diff --git a/filters_runner_test.go b/filters_runner_test.go index 11136839f0b0..9b3d97cefc44 100644 --- a/filters_runner_test.go +++ b/filters_runner_test.go @@ -31,10 +31,10 @@ func TestLoadConfiguredFilters(t *testing.T) { io{ Input: map[string]interface{}{ "filters": []interface{}{"nop1", "nop2"}, - "nop1": map[string]interface{}{ + "nop1": map[interface{}]interface{}{ "type": "nop", }, - "nop2": map[string]interface{}{ + "nop2": map[interface{}]interface{}{ "type": "nop", }, }, @@ -53,7 +53,7 @@ func TestLoadConfiguredFilters(t *testing.T) { io{ Input: map[string]interface{}{ "filters": []interface{}{"nop", "sample1"}, - "sample1": map[string]interface{}{ + "sample1": map[interface{}]interface{}{ "type": "nop", }, }, @@ -95,7 +95,7 @@ func TestLoadConfiguredFiltersNegative(t *testing.T) { io{ Input: map[string]interface{}{ "filters": []interface{}{"nop1", "nop2"}, - "nop1": map[string]interface{}{ + "nop1": map[interface{}]interface{}{ "type": "nop", }, }, @@ -104,7 +104,7 @@ func TestLoadConfiguredFiltersNegative(t *testing.T) { io{ Input: map[string]interface{}{ "filters": []interface{}{"nop1", "nop"}, - "nop1": map[string]interface{}{ + "nop1": map[interface{}]interface{}{ "hype": "nop", }, }, @@ -113,7 +113,7 @@ func TestLoadConfiguredFiltersNegative(t *testing.T) { io{ Input: map[string]interface{}{ "filters": []interface{}{"nop1", "nop"}, - "nop1": map[string]interface{}{ + "nop1": map[interface{}]interface{}{ "type": 1, }, }, diff --git a/main.go b/main.go index ad89feda494d..c53de2f097e5 100644 --- a/main.go +++ b/main.go @@ -19,6 +19,7 @@ import ( "github.com/elastic/infrabeat/filters/nop" "github.com/elastic/infrabeat/logp" "github.com/elastic/infrabeat/outputs" + "gopkg.in/yaml.v2" "github.com/elastic/packetbeat/config" "github.com/elastic/packetbeat/procs" @@ -30,8 +31,6 @@ import ( "github.com/elastic/packetbeat/protos/tcp" "github.com/elastic/packetbeat/protos/thrift" "github.com/elastic/packetbeat/sniffer" - - "github.com/BurntSushi/toml" ) const Version = "0.5.0" @@ -72,7 +71,7 @@ func main() { // Use our own FlagSet, because some libraries pollute the global one var cmdLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError) - configfile := cmdLine.String("c", "packetbeat.conf", "Configuration file") + configfile := cmdLine.String("c", "packetbeat.yaml", "Configuration file") file := cmdLine.String("I", "", "file") loop := cmdLine.Int("l", 1, "Loop file. 0 - loop forever") debugSelectorsStr := cmdLine.String("d", "", "Enable certain debug selectors") @@ -108,8 +107,13 @@ func main() { var err error - if config.ConfigMeta, err = toml.DecodeFile(*configfile, &config.ConfigSingleton); err != nil { - fmt.Printf("TOML config parsing failed on %s: %s. Exiting.\n", *configfile, err) + filecontent, err := ioutil.ReadFile(*configfile) + if err != nil { + fmt.Printf("Fail to read %s: %s. Exiting.\n", *configfile, err) + return + } + if err = yaml.Unmarshal(filecontent, &config.ConfigSingleton); err != nil { + fmt.Printf("YAML config parsing failed on %s: %s. Exiting.\n", *configfile, err) return } @@ -136,6 +140,7 @@ func main() { config.ConfigSingleton.Interfaces.Dumpfile = *dumpfile } + logp.Debug("main", "Configuration %s", config.ConfigSingleton) logp.Debug("main", "Initializing output plugins") if err = outputs.Publisher.Init(*publishDisabled, config.ConfigSingleton.Output, config.ConfigSingleton.Agent); err != nil { @@ -149,7 +154,7 @@ func main() { return } - err = outputs.LoadGeoIPData(config.ConfigSingleton.Geoip, config.ConfigMeta) + err = outputs.LoadGeoIPData(config.ConfigSingleton.Geoip) if err != nil { logp.Critical(err.Error()) return @@ -207,7 +212,7 @@ func main() { } // This needs to be after the sniffer Init but before the sniffer Run. - if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions, config.ConfigMeta); err != nil { + if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil { logp.Critical(err.Error()) return } diff --git a/packetbeat.yaml b/packetbeat.yaml index 180fa6feaf2b..b2ed8b0993a5 100644 --- a/packetbeat.yaml +++ b/packetbeat.yaml @@ -36,37 +36,38 @@ interfaces: # Configure the processes to be monitored and how to find them. The processes can # be found by searching their command line by a given string. -procs: - - process: mysqld - cmdline_grep: mysqld +procs: + monitored: + - process: mysqld + cmdline_grep: mysqld - - process: pgsql - cmdline_grep: postgres + - process: pgsql + cmdline_grep: postgres - - process: nginx - cmdline_grep: nginx + - process: nginx + cmdline_grep: nginx - - process: app - cmdline_grep: gunicorn + - process: app + cmdline_grep: gunicorn # Configure which protocols to monitor and the ports where they are # running. You can disable a given protocol by commenting out its # configuration. protocols: - - protocol: http - ports: [80, 8080, 8000, 5000, 8002] + http: + ports: [80, 8080, 8000, 5000, 8002] - - protocol: mysql - ports: [3306] + mysql: + ports: [3306] - - protocol: pgsql - ports: [5432] + pgsql: + ports: [5432] - - protocol: redis - ports: [6379] + redis: + ports: [6379] - - protocol: thrift - ports: [9090] + thrift: + ports: [9090] ############################# Filters ############################################ @@ -84,35 +85,35 @@ hide_keywords: ['pass', 'password', 'passw'] # You can enable one or multiple outputs by setting enabled option to true. output: - # Elasticsearch as output - # Options: - # host, port: where Elasticsearch is listening on - # save_topology: specify if the topology is saved in Elasticsearch - - type: elasticsearch - enabled: true - host: localhost - port: 9200 - save_topology: true - - # Redis as output - # Options: - # host, port: where Redis is listening on - # save_topology: specify if the topology is saved in Redis - - type: redis - enabled: false - host: localhost - port: 6379 - save_topology: true - - # File as output - # Options - # path: where to save the files - # filename: name of the files - # rotate_every_kb: maximum size of the files in path - # number of files: maximum number of files in path - - type: file - enabled: false - path: "/tmp/packetbeat" - filename: packetbeat - rotate_every_kb: 1000 - number_of_files: 7 + # Elasticsearch as output + # Options: + # host, port: where Elasticsearch is listening on + # save_topology: specify if the topology is saved in Elasticsearch + elasticsearch: + enabled: true + host: localhost + port: 9200 + save_topology: true + + # Redis as output + # Options: + # host, port: where Redis is listening on + # save_topology: specify if the topology is saved in Redis + redis: + enabled: false + host: localhost + port: 6379 + save_topology: true + + # File as output + # Options + # path: where to save the files + # filename: name of the files + # rotate_every_kb: maximum size of the files in path + # number of files: maximum number of files in path + file: + enabled: false + path: "/tmp/packetbeat" + filename: packetbeat + rotate_every_kb: 1000 + number_of_files: 7 diff --git a/procs/procs.go b/procs/procs.go index 4ef6f1f8d804..5f177607cc6e 100644 --- a/procs/procs.go +++ b/procs/procs.go @@ -62,11 +62,12 @@ type ProcessesWatcher struct { type ProcsConfig struct { Dont_read_from_proc bool Max_proc_read_freq int - Monitored map[string]ProcConfig + Monitored []ProcConfig Refresh_pids_freq int } type ProcConfig struct { + Process string Cmdline_grep string } @@ -109,14 +110,14 @@ func (proc *ProcessesWatcher) Init(config ProcsConfig) error { } if proc.ReadFromProc { - for pstr, procConfig := range config.Monitored { + for _, procConfig := range config.Monitored { grepper := procConfig.Cmdline_grep if len(grepper) == 0 { - grepper = pstr + grepper = procConfig.Process } - p, err := NewProcess(proc, pstr, grepper, time.Tick(proc.RefreshPidsFreq)) + p, err := NewProcess(proc, procConfig.Process, grepper, time.Tick(proc.RefreshPidsFreq)) if err != nil { logp.Err("NewProcess: %s", err) } else { diff --git a/protos/http/http.go b/protos/http/http.go index c7f2f97d2609..7effcce11927 100644 --- a/protos/http/http.go +++ b/protos/http/http.go @@ -16,8 +16,6 @@ import ( "github.com/elastic/packetbeat/procs" "github.com/elastic/packetbeat/protos" "github.com/elastic/packetbeat/protos/tcp" - - "github.com/BurntSushi/toml" ) const ( @@ -121,35 +119,42 @@ type Http struct { func (http *Http) InitDefaults() { http.Send_request = false http.Send_response = false + http.Strip_authorization = false } -func (http *Http) SetFromConfig(config *config.Config, meta *toml.MetaData) (err error) { - if meta.IsDefined("protocols", "http", "send_request") { - http.Send_request = config.Protocols["http"].Send_request +func (http *Http) SetFromConfig() (err error) { + if config.ConfigSingleton.Http.Send_request != nil { + http.Send_request = *config.ConfigSingleton.Http.Send_request + } + if config.ConfigSingleton.Http.Send_response != nil { + http.Send_response = *config.ConfigSingleton.Http.Send_response } - if meta.IsDefined("protocols", "http", "send_response") { - http.Send_response = config.Protocols["http"].Send_response + http.Hide_keywords = config.ConfigSingleton.Http.Hide_keywords + if config.ConfigSingleton.Http.Strip_authorization != nil { + http.Strip_authorization = *config.ConfigSingleton.Http.Strip_authorization } - http.Hide_keywords = config.Passwords.Hide_keywords - http.Strip_authorization = config.Passwords.Strip_authorization - if config.Http.Send_all_headers { + if config.ConfigSingleton.Http.Send_all_headers != nil { http.Send_headers = true http.Send_all_headers = true } else { - if len(config.Http.Send_headers) > 0 { + if len(config.ConfigSingleton.Http.Send_headers) > 0 { http.Send_headers = true http.Headers_whitelist = map[string]bool{} - for _, hdr := range config.Http.Send_headers { + for _, hdr := range config.ConfigSingleton.Http.Send_headers { http.Headers_whitelist[strings.ToLower(hdr)] = true } } } - http.Split_cookie = config.Http.Split_cookie + if config.ConfigSingleton.Http.Split_cookie != nil { + http.Split_cookie = *config.ConfigSingleton.Http.Split_cookie + } - http.Real_ip_header = strings.ToLower(config.Http.Real_ip_header) + if config.ConfigSingleton.Http.Real_ip_header != nil { + http.Real_ip_header = strings.ToLower(*config.ConfigSingleton.Http.Real_ip_header) + } return nil } @@ -164,7 +169,7 @@ func (http *Http) Init(test_mode bool, results chan common.MapStr) error { http.InitDefaults() if !test_mode { - err := http.SetFromConfig(&config.ConfigSingleton, &config.ConfigMeta) + err := http.SetFromConfig() if err != nil { return err } diff --git a/protos/mysql/mysql.go b/protos/mysql/mysql.go index 95234c527650..a01db6e243ef 100644 --- a/protos/mysql/mysql.go +++ b/protos/mysql/mysql.go @@ -121,17 +121,17 @@ func (mysql *Mysql) InitDefaults() { } func (mysql *Mysql) setFromConfig() error { - if config.ConfigSingleton.Mysql.Max_row_length > 0 { - mysql.maxRowLength = config.ConfigSingleton.Mysql.Max_row_length + if config.ConfigSingleton.Mysql.Max_row_length != nil { + mysql.maxRowLength = *config.ConfigSingleton.Mysql.Max_row_length } - if config.ConfigSingleton.Mysql.Max_rows > 0 { - mysql.maxStoreRows = config.ConfigSingleton.Mysql.Max_rows + if config.ConfigSingleton.Mysql.Max_rows != nil { + mysql.maxStoreRows = *config.ConfigSingleton.Mysql.Max_rows } - if config.ConfigMeta.IsDefined("protocols", "mysql", "send_request") { - mysql.Send_request = config.ConfigSingleton.Protocols["mysql"].Send_request + if config.ConfigSingleton.Mysql.Send_request != nil { + mysql.Send_request = *config.ConfigSingleton.Mysql.Send_request } - if config.ConfigMeta.IsDefined("protocols", "mysql", "send_response") { - mysql.Send_response = config.ConfigSingleton.Protocols["mysql"].Send_response + if config.ConfigSingleton.Mysql.Send_response != nil { + mysql.Send_response = *config.ConfigSingleton.Mysql.Send_response } return nil } diff --git a/protos/pgsql/pgsql.go b/protos/pgsql/pgsql.go index 870db92997a7..fa503348982b 100644 --- a/protos/pgsql/pgsql.go +++ b/protos/pgsql/pgsql.go @@ -113,17 +113,17 @@ func (pgsql *Pgsql) InitDefaults() { } func (pgsql *Pgsql) setFromConfig() error { - if config.ConfigSingleton.Pgsql.Max_row_length > 0 { - pgsql.maxRowLength = config.ConfigSingleton.Pgsql.Max_row_length + if config.ConfigSingleton.Pgsql.Max_row_length != nil { + pgsql.maxRowLength = *config.ConfigSingleton.Pgsql.Max_row_length } - if config.ConfigSingleton.Pgsql.Max_rows > 0 { - pgsql.maxStoreRows = config.ConfigSingleton.Pgsql.Max_rows + if config.ConfigSingleton.Pgsql.Max_rows != nil { + pgsql.maxStoreRows = *config.ConfigSingleton.Pgsql.Max_rows } - if config.ConfigMeta.IsDefined("protocols", "pgsql", "send_request") { - pgsql.Send_request = config.ConfigSingleton.Protocols["pgsql"].Send_request + if config.ConfigSingleton.Pgsql.Send_request != nil { + pgsql.Send_request = *config.ConfigSingleton.Pgsql.Send_request } - if config.ConfigMeta.IsDefined("protocols", "pgsql", "send_response") { - pgsql.Send_response = config.ConfigSingleton.Protocols["pgsql"].Send_response + if config.ConfigSingleton.Pgsql.Send_response != nil { + pgsql.Send_response = *config.ConfigSingleton.Pgsql.Send_response } return nil } diff --git a/protos/redis/redis.go b/protos/redis/redis.go index d6000ab30d25..309f3609afe1 100644 --- a/protos/redis/redis.go +++ b/protos/redis/redis.go @@ -251,11 +251,11 @@ func (redis *Redis) InitDefaults() { } func (redis *Redis) setFromConfig() error { - if config.ConfigMeta.IsDefined("protocols", "redis", "send_request") { - redis.Send_request = config.ConfigSingleton.Protocols["redis"].Send_request + if config.ConfigSingleton.Redis.Send_request != nil { + redis.Send_request = *config.ConfigSingleton.Redis.Send_request } - if config.ConfigMeta.IsDefined("protocols", "redis", "send_response") { - redis.Send_response = config.ConfigSingleton.Protocols["redis"].Send_response + if config.ConfigSingleton.Redis.Send_response != nil { + redis.Send_response = *config.ConfigSingleton.Redis.Send_response } return nil } diff --git a/protos/thrift/thrift.go b/protos/thrift/thrift.go index 86de8596fa36..fe4f404bbfbb 100644 --- a/protos/thrift/thrift.go +++ b/protos/thrift/thrift.go @@ -177,17 +177,17 @@ func (thrift *Thrift) InitDefaults() { func (thrift *Thrift) readConfig() error { var err error - if config.ConfigMeta.IsDefined("thrift", "string_max_size") { - thrift.StringMaxSize = config.ConfigSingleton.Thrift.String_max_size + if config.ConfigSingleton.Thrift.String_max_size != nil { + thrift.StringMaxSize = *config.ConfigSingleton.Thrift.String_max_size } - if config.ConfigMeta.IsDefined("thrift", "collection_max_size") { - thrift.CollectionMaxSize = config.ConfigSingleton.Thrift.Collection_max_size + if config.ConfigSingleton.Thrift.Collection_max_size != nil { + thrift.CollectionMaxSize = *config.ConfigSingleton.Thrift.Collection_max_size } - if config.ConfigMeta.IsDefined("thrift", "drop_after_n_struct_fields") { - thrift.DropAfterNStructFields = config.ConfigSingleton.Thrift.Drop_after_n_struct_fields + if config.ConfigSingleton.Thrift.Drop_after_n_struct_fields != nil { + thrift.DropAfterNStructFields = *config.ConfigSingleton.Thrift.Drop_after_n_struct_fields } - if config.ConfigMeta.IsDefined("thrift", "transport_type") { - switch config.ConfigSingleton.Thrift.Transport_type { + if config.ConfigSingleton.Thrift.Transport_type != nil { + switch *config.ConfigSingleton.Thrift.Transport_type { case "socket": thrift.TransportType = ThriftTSocket case "framed": @@ -196,32 +196,32 @@ func (thrift *Thrift) readConfig() error { return fmt.Errorf("Transport type `%s` not known", config.ConfigSingleton.Thrift.Transport_type) } } - if config.ConfigMeta.IsDefined("thrift", "protocol_type") { - switch config.ConfigSingleton.Thrift.Transport_type { + if config.ConfigSingleton.Thrift.Protocol_type != nil { + switch *config.ConfigSingleton.Thrift.Protocol_type { case "binary": thrift.ProtocolType = ThriftTBinary default: return fmt.Errorf("Protocol type `%s` not known", config.ConfigSingleton.Thrift.Protocol_type) } } - if config.ConfigMeta.IsDefined("thrift", "capture_reply") { - thrift.CaptureReply = config.ConfigSingleton.Thrift.Capture_reply + if config.ConfigSingleton.Thrift.Capture_reply != nil { + thrift.CaptureReply = *config.ConfigSingleton.Thrift.Capture_reply } - if config.ConfigMeta.IsDefined("thrift", "obfuscate_strings") { - thrift.ObfuscateStrings = config.ConfigSingleton.Thrift.Obfuscate_strings + if config.ConfigSingleton.Thrift.Obfuscate_strings != nil { + thrift.ObfuscateStrings = *config.ConfigSingleton.Thrift.Obfuscate_strings } - if config.ConfigMeta.IsDefined("thrift", "idl_files") { + if len(config.ConfigSingleton.Thrift.Idl_files) > 0 { thrift.Idl, err = NewThriftIdl(config.ConfigSingleton.Thrift.Idl_files) if err != nil { return err } } - if config.ConfigMeta.IsDefined("protocols", "thrift", "send_request") { - thrift.Send_request = config.ConfigSingleton.Protocols["thrift"].Send_request + if config.ConfigSingleton.Thrift.Send_request != nil { + thrift.Send_request = *config.ConfigSingleton.Thrift.Send_request } - if config.ConfigMeta.IsDefined("protocols", "thrift", "send_response") { - thrift.Send_response = config.ConfigSingleton.Protocols["thrift"].Send_response + if config.ConfigSingleton.Thrift.Send_response != nil { + thrift.Send_response = *config.ConfigSingleton.Thrift.Send_response } return nil diff --git a/tests/pbtests/packetbeat.py b/tests/pbtests/packetbeat.py index 783f0d775092..3dc49788cab2 100644 --- a/tests/pbtests/packetbeat.py +++ b/tests/pbtests/packetbeat.py @@ -50,7 +50,7 @@ class TestCase(unittest.TestCase): def run_packetbeat(self, pcap, cmd="../packetbeat", - config="packetbeat.conf", + config="packetbeat.yaml", output="packetbeat.log", extra_args=[], debug_selectors=[]): @@ -80,7 +80,7 @@ def run_packetbeat(self, pcap, def start_packetbeat(self, cmd="../packetbeat", - config="packetbeat.conf", + config="packetbeat.yaml", output="packetbeat.log", extra_args=[], debug_selectors=[]): @@ -102,8 +102,8 @@ def start_packetbeat(self, proc.start() return proc - def render_config_template(self, template="packetbeat.conf.j2", - output="packetbeat.conf", **kargs): + def render_config_template(self, template="packetbeat.yaml.j2", + output="packetbeat.yaml", **kargs): template = self.template_env.get_template(template) kargs["pb"] = self output_str = template.render(**kargs) diff --git a/tests/templates/packetbeat.yaml.j2 b/tests/templates/packetbeat.yaml.j2 index 2c19fbd8468b..cae1b7d5ff36 100644 --- a/tests/templates/packetbeat.yaml.j2 +++ b/tests/templates/packetbeat.yaml.j2 @@ -63,8 +63,6 @@ procs: protocols: http: ports: [{{ http_ports|default([80])|join(", ") }}] - {% if http_send_request %}send_request: true{% endif %} - {% if http_send_response %}send_response: true{% endif %} mysql: ports: [{{ mysql_ports|default([3306])|join(", ") }}] @@ -92,16 +90,18 @@ thrift: {% if thrift_send_response %} send_response: true{% endif %} http: +{% if http_send_request %} send_request: true{% endif %} +{% if http_send_response %} send_response: true{% endif %} {% if http_send_all_headers %} send_all_headers: true{% endif %} {% if http_split_cookie %} split_cookie: true{% endif %} -{% if http_send_headers -%} +{%- if http_send_headers %} send_headers: [{%- for hdr in http_send_headers -%} "{{ hdr }}" {%- if not loop.last %}, {% endif -%} {%- endfor -%} ]{%- endif %} {% if http_real_ip_header %} real_ip_header: "{{ http_real_ip_header }}"{% endif %} -{% if http_include_body_for -%} +{%- if http_include_body_for %} include_body_for: [{%- for ct in http_include_body_for -%} "{{ ct }}" {%- if not loop.last %}, {% endif -%} @@ -160,7 +160,7 @@ filter: ############################# GeoIP ############################################ {% if geoip_paths is not none -%} geoip: -paths: [ + paths: [ {%- for path in geoip_paths -%} "{{ pb.working_dir + '/' + path }}" {%- if not loop.last %}, {% endif -%} diff --git a/tests/test_0016_nop_filter.py b/tests/test_0016_nop_filter.py index a0bba200e972..af524efcde8f 100644 --- a/tests/test_0016_nop_filter.py +++ b/tests/test_0016_nop_filter.py @@ -32,7 +32,7 @@ def test_multiple_nops(self): ) self.run_packetbeat(pcap="mysql_with_whitespaces.pcap", - debug_selectors=["main"]) + debug_selectors=["main", "filters"]) objs = self.read_output() assert all([o["type"] == "mysql" for o in objs])