yaml: clarify comment about dump-all-headers

Logs a warning if the value is unknown
Fixes #2810

diff --git a/src/output-json-http.c b/src/output-json-http.c
index eb84e0b1babf80ce4ce7691262fde1253b7f144c..2e3a62ecf2c3175f8f6c487bf12a69aa37918a28 100644 (file)
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -643,6 +643,10 @@ static OutputInitResult OutputHttpLogInit(ConfNode *conf)
                 http_ctx->flags |= LOG_HTTP_REQ_HEADERS;
             } else if (strcmp(all_headers, "response") == 0) {
                 http_ctx->flags |= LOG_HTTP_RES_HEADERS;
+            } else if (strcmp(all_headers, "none") != 0) {
+                SCLogWarning(SC_WARN_ANOMALY_CONFIG,
+                             "unhandled value for dump-all-headers configuration : %s",
+                             all_headers);
             }
         }
     }

diff --git a/suricata.yaml.in b/suricata.yaml.in
index d78ac70d3e5a60668fcf7fa3b6b2acdbf4d0789b..aacad7411d7908f66689dcc10e36b24b2ad5229f 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -194,9 +194,9 @@ outputs:
             # custom allows additional http fields to be included in eve-log
             # the example below adds three additional fields when uncommented
             #custom: [Accept-Encoding, Accept-Language, Authorization]
-            # set this value to one among {both, request, response} to dump all
-            # http headers for every http request and/or response
-            # dump-all-headers: [both, request, response]
+            # set this value to one and only one among {both, request, response}
+            # to dump all http headers for every http request and/or response
+            # dump-all-headers: none
         - dns:
             # This configuration uses the new DNS logging format,
             # the old configuration is still available: