HTTP Protocol not sending header


(iemem15) #1

Hi, when sending info to Elasticsearch I can't see the headers for the HTTP protocol. I'm using Packetbeat beta 2. I started with -d "httpdetailed" and I see the headers, but can't see them in Elasticsearch.
I've configured the packetbeat.yml like this:

protocols:
  http:

    # Configure the ports where to listen for HTTP traffic. You can disable
    # the http protocol by commenting the list of ports.
    ports: [80, 8080, 8000, 5000, 8002, 5601]

    # Uncomment the following to hide certain parameters in URL or forms attached
    # to HTTP requests. The names of the parameters are case insensitive.
    # The value of the parameters will be replaced with the 'xxxxx' string.
    # This is generally useful for avoiding storing user passwords or other
    # sensitive information.
    # Only query parameters and top level form parameters are replaced.
    # hide_keywords: ['pass', 'password', 'passwd']
  send_response: true
  send_all_headers: true
  send_headers: ["User-Agent", "Cookie", "Set-Cookie"]
  split_cookie: true
  real_ip_header: "X-Forwarded-For"

send_all_headers


(Tudor Golubenco) #2

Unless this got broken while copy & pasting, the send_all_headers: true option needs to be under the http section, so you need to indent all of those options with another two spaces, like this:

protocols:
  http:

    # Configure the ports where to listen for HTTP traffic. You can disable
    # the http protocol by commenting the list of ports.
    ports: [80, 8080, 8000, 5000, 8002, 5601]

    # Uncomment the following to hide certain parameters in URL or forms attached
    # to HTTP requests. The names of the parameters are case insensitive.
    # The value of the parameters will be replaced with the 'xxxxx' string.
    # This is generally useful for avoiding storing user passwords or other
    # sensitive information.
    # Only query parameters and top level form parameters are replaced.
    # hide_keywords: ['pass', 'password', 'passwd']
    send_response: true
    send_all_headers: true
    split_cookie: true
    real_ip_header: "X-Forwarded-For"
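
A check for the indentation mistake discussed in this thread, as an added example that is not part of the original posts and not Packetbeat code. It assumes the `protocols:` / `http:` mapping layout shown above; the function name, the option sets and the sample strings are constructed for illustration.

```python
# Added example: flag HTTP options placed outside protocols.http in a
# packetbeat.yml laid out as in this thread. Stdlib only: it tracks
# indentation instead of fully parsing YAML.

# Option names come from the thread's config; "ports" is left out because
# other protocol sections use it too.
HTTP_ONLY = {"send_all_headers", "send_headers", "split_cookie",
             "real_ip_header", "hide_keywords"}
SHARED = {"send_response"}  # assumption: valid under several protocol sections

def misplaced_http_options(text):
    """Return (line_no, key, parent_path) for each misplaced option."""
    stack, found = [], []  # stack holds (indent, key) of the open mappings
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#") or ":" not in body:
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key = body.split(":", 1)[0].strip()
        while stack and stack[-1][0] >= indent:  # close deeper and sibling keys
            stack.pop()
        path = [k for _, k in stack]
        wrong_section = key in HTTP_ONLY and path != ["protocols", "http"]
        # An option sitting where a protocol name belongs is silently ignored.
        at_protocol_level = key in (HTTP_ONLY | SHARED) and path == ["protocols"]
        if wrong_section or at_protocol_level:
            found.append((no, key, ".".join(path)))
        stack.append((indent, key))
    return found

# Constructed samples modelled on the two configs in the thread.
BROKEN = """\
protocols:
  http:
    ports: [80, 8080]
  send_response: true
  send_all_headers: true
  send_headers: ["User-Agent", "Cookie", "Set-Cookie"]
  real_ip_header: "X-Forwarded-For"
"""
FIXED = """\
protocols:
  http:
    ports: [80, 8080]
    send_response: true
    send_all_headers: true
    real_ip_header: "X-Forwarded-For"
"""

if __name__ == "__main__":
    for no, key, parent in misplaced_http_options(BROKEN):
        print(f"line {no}: '{key}' is under '{parent}', not 'protocols.http'")
```
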
