[Bro-Dev] #776: DNS not logging replies on trace
Bro Tracker
bro at tracker.bro-ids.org
Mon Feb 20 07:56:08 PST 2012
#776: DNS not logging replies on trace
----------------------+------------------------
Reporter: robin | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Comment (by jsiwek):
I think by default it just logs the answer section, which is the first
result you show. And the second one logs the authority and additional
sections of the reply because the test suite is loading the
`policy/protocols/dns/auth-addl.bro` script. Here's the result I get when
it's loaded for the single DNS session that you extracted:
{{{
$ bro -r 2009-M57-day11-18.trace.gz.LEDZLphhTIg protocols/dns/auth-addl.bro
$ tail -n1 dns.log
1258563890.835277 n9yOrUVn8g1 192.168.1.103 51228 192.168.1.1 53 udp 55939 h.zedo.com 1 C_INTERNET 1 A NOERROR F F F T T 0 63.211.147.11 7200.000000 pdns4.ultradns.org,pdns5.ultradns.info,pdns6.ultradns.co.uk,pdns3.ultradns.org,pdns1.ultradns.net,pdns2.ultradns.net 2001:502:4612::1,204.74.115.1,199.7.69.1,199.7.68.1,204.74.114.1
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/776#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker