Default config file causes error
Using the provided default config file will raise an exception.
https://github.com/pathtofile/Sealighter/blob/main/docs/CONFIGURATION.md#kernel_traces
{
    "session_properties": {
        "session_name": "My-Process-Trace",
        "output_format": "stdout",
        "buffering_timout_seconds": 10
    },
    "user_traces": [
        {
            "trace_name": "proc_trace",
            "provider_name": "Microsoft-Windows-Kernel-Process",
            "keywords_any": 16
        },
        {
            "trace_name": "guid_trace",
            "provider_name": "{382b5e24-181e-417f-a8d6-2155f749e724}",
            "filters": {
                "any_of": {
                    "opcode_is": [1, 2]
                }
            },
            "buffers": [
                {
                    "event_id": 1,
                    "max_before_buffering": 1,
                    "fields": [
                        "ImageName"
                    ]
                }
            ]
        },
    ],
    "kernel_traces": [
        {
            "trace_name": "kernel_proc_trace",
            "provider_name": "process",
        }
    ]
}
[json.exception.parse_error.101] parse error at line 31, column 5: syntax error while parsing value - unexpected ']'; expected '[', '{', or a literal
Here you go, try this. There were 2 commas that needed to be removed. Below will work:
{
    "session_properties": {
        "session_name": "My-Process-Trace",
        "output_format": "stdout",
        "buffering_timout_seconds": 10
    },
    "user_traces": [
        {
            "trace_name": "proc_trace",
            "provider_name": "Microsoft-Windows-Kernel-Process",
            "keywords_any": 16
        },
        {
            "trace_name": "guid_trace",
            "provider_name": "{382b5e24-181e-417f-a8d6-2155f749e724}",
            "filters": {
                "any_of": {
                    "opcode_is": [1, 2]
                }
            },
            "buffers": [
                {
                    "event_id": 1,
                    "max_before_buffering": 1,
                    "fields": [
                        "ImageName"
                    ]
                }
            ]
        }
    ],
    "kernel_traces": [
        {
            "trace_name": "kernel_proc_trace",
            "provider_name": "process"
        }
    ]
}
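A pre-flight check for the failure in this issue, as an added example (not Sealighter's own code): it scans a config for commas that sit directly before a closing `]` or `}` and reports each position, so the file can be corrected before a strict JSON parser rejects it. The function names and the shortened sample config are constructed for illustration.

```python
import json

def find_trailing_commas(text):
    """Return 1-based (line, column) of each comma directly followed by ']' or '}'."""
    hits, pending = [], None      # pending: last comma still waiting for a value
    in_string = escaped = False
    line, col = 1, 0
    for ch in text:
        if ch == "\n":
            line, col = line + 1, 0
            continue
        col += 1
        if in_string:             # commas inside string values never count
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch.isspace():
            continue
        if ch in "]}" and pending:
            hits.append(pending)
        pending = (line, col) if ch == "," else None
        in_string = ch == '"'
    return hits

def strict_parse_ok(text):
    """True if a strict JSON parser (Python's json module here) accepts the text."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

# Constructed sample: a shortened copy of the config above with the same two trailing commas.
SAMPLE = """{
    "user_traces": [
        {"trace_name": "proc_trace", "keywords_any": 16},
    ],
    "kernel_traces": [
        {"trace_name": "kernel_proc_trace", "provider_name": "process",}
    ]
}"""

if __name__ == "__main__":
    print(find_trailing_commas(SAMPLE), strict_parse_ok(SAMPLE))
```

Running it over a config file before starting a trace session turns a parser exception at startup into a list of exact positions to edit.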