[feature] Ability to set user-agent variable for http_output #1850
Conversation
Signed-off-by: Marcin Kowalski <marcin.kowalski@assecobs.pl>
|
Welcome @yoshi314! It looks like this is your first PR to falcosecurity/falco 🎉 |
userspace/falco/outputs_http.cpp
Outdated
| @@ -34,11 +34,14 @@ void falco::outputs::output_http::output(const message *msg) | |||
| } else { | |||
| slist1 = curl_slist_append(slist1, "Content-Type: text/plain"); | |||
| } | |||
| slist1 = curl_slist_append(slist1, m_oc.options["user_agent"].c_str()); | |||
|
Hi! Thank you for opening this PR! It would be great if you could force-push with these changes in place! |
|
On top of @FedeDP's comments, I would also add an |
|
ok, i'll see to it later today. Now trying to figure out how to sign the past commits. |
|
Hi! |
yoshi314
force-pushed
the
useragent_variable_2
branch
from
22418d2 to
14d11b9
Compare
|
I hope that fixed it. Also, what exactly is that remark with spacing about? A case of tabs/spaces or something else? |
|
Yeah, it looks like it worked (You can see your sign-off on the commit message). The spacing issue seems to be that |
|
It appears vim can be deceiving with indentation. Should be fixed now. |
add sample config entry for user-agent variable Signed-off-by: Marcin Kowalski <marcin.kowalski@assecobs.pl>
userspace/falco/outputs_http.cpp
Outdated
| @@ -34,11 +34,14 @@ void falco::outputs::output_http::output(const message *msg) | |||
| } else { | |||
| slist1 = curl_slist_append(slist1, "Content-Type: text/plain"); | |||
| } | |||
| slist1 = curl_slist_append(slist1, m_oc.options["user_agent"].c_str()); | |||
There was a problem hiding this comment.
By testing it locally, I was not able to get the user agent header (but maybe it was me). Either way, not setting the user-agent: prefix properly would result in an invalid header I think. Would it be better to use this instead?
curl_easy_setopt(curl, CURLOPT_USERAGENT, m_oc.options["user_agent"].c_str());
There was a problem hiding this comment.
i'll have to retest this in my setup. I was pretty sure that worked on my case, when checking logs on remote end.
There was a problem hiding this comment.
Oh, i think i missd the "User-Agent:" string from the header, since i used a predefined string before.
So now it only passes the variable without that prefix.
yeah, your proposal looks better. I'll try to go with that. Somehow i missed this option.
|
@yoshi314 new changes look good. Please sign-off the last commit and we should be good to go! |
yoshi314
force-pushed
the
useragent_variable_2
branch
from
9491557 to
278defd
Compare
yoshi314
force-pushed
the
useragent_variable_2
branch
from
278defd to
9491557
Compare
yoshi314
force-pushed
the
useragent_variable_2
branch
from
9491557 to
2cc626c
Compare
…itched to dedicated curl's method to do this Signed-off-by: Marcin Kowalski <marcin.kowalski@assecobs.pl>
|
LGTM label has been added. Git tree hash: c2fb4965c77ef5daef745b789eef6fb297c7e6ed
|
|
/milestone 0.31.0 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jasondellaluce, leogr, yoshi314 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/kind feature
/area engine
What this PR does / why we need it:
This allows to identify falco's datastream sent via http_output on the receiving end.
In my particular case that is logstash with its http listener.
Since I have multiple processes submitting via http from the same machine, I need a way to distinguish falco's events from other incoming data streams for further parsing and processing.
Which issue(s) this PR fixes:
Fixes #1831
Does this PR introduce a user-facing change?:
A config entry of user_agent: "some string" is now supported under http_output. If not provided, the value defaults to "falcosecurity/falco".
Setting it to "" ought to restore previous behaviour (that field appears to be present in http headers, but with blank value).