[Bro] How filter machine name registration?
seth at icir.org
Mon Oct 27 07:56:48 PDT 2014
On Oct 27, 2014, at 4:55 AM, Vito Logrillo <vitologrillo at gmail.com> wrote:
> I can see the presence of an additional record in the packet (msg$num_addl =1), but I can't see its value.
> How can I do this in Bro?
Long ago there was a decision in the DNS analyzer to not process auth and addl records due to load issues. If you make the setting change that I recommended, you can get the extra DNS records.
International Computer Science Institute
(Bro) because everyone has a network