[Bro-Dev] [JIRA] (BIT-1156) DNS analyzer parses TXT records incompletely

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Mon Apr 28 07:32:07 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16301#comment-16301 ] 

Jon Siwek commented on BIT-1156:
--------------------------------

{quote}
I don't really like the "TXT ddd xxxx" logging but don't have much of a better idea either right now.
{quote}

Yeah, it was just that the DNS logs for such TXT RRs are pretty ambiguous without doing something like that or overhauling how dns.log is formatted (don't have a fully formed idea, but whenever I try to work w/ those scripts it always seems like the scope of what it's doing is too broad/general to do any particular thing accurately/well).

> DNS analyzer parses TXT records incompletely
> --------------------------------------------
>
>                 Key: BIT-1156
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1156
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>            Assignee: Jon Siwek
>             Fix For: 2.3
>
>
> The payload of DNS TXT records can consist of multiple character strings but the DNS analyzer parses out only the first. We should parse them all out and then probably concatenate them into a single string to pass to the event, separated with semicolons or something.
> I have a trace with an example but it would need anonymization before inclusion into the test suite.



--
This message was sent by Atlassian JIRA
(v6.3-OD-03-012#6321)
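
The TXT RDATA layout the ticket is about, as an added illustration that is not Bro's analyzer code: RFC 1035 defines TXT RDATA as one or more length-prefixed <character-string>s laid back to back, and a parser that stops after the first one silently drops whatever follows, so a log built from it would miss the remainder of the record. The helper names (`parse_txt_rdata`, `build_txt_rdata`, `first_string_only`, `join_for_log`) and the sample record are my own constructions.

```python
def parse_txt_rdata(rdata: bytes) -> list:
    """Split TXT RDATA into all of its <character-string>s.

    Each string is a one-byte length followed by that many bytes
    (RFC 1035 section 3.3.14); strings are concatenated with no
    separator, so the only way to find the second is to walk past
    the first.  Raises ValueError on a truncated string.
    """
    strings = []
    pos = 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        if pos + length > len(rdata):
            raise ValueError("truncated character-string at offset %d" % (pos - 1))
        strings.append(rdata[pos:pos + length])
        pos += length
    return strings


def first_string_only(rdata: bytes) -> list:
    """The incomplete behaviour described in BIT-1156: only the first string."""
    return parse_txt_rdata(rdata)[:1]


def join_for_log(strings: list, sep: bytes = b";") -> str:
    """Flatten all strings into one log field, separated as the ticket suggests."""
    return sep.join(strings).decode("ascii", "replace")


def build_txt_rdata(strings: list) -> bytes:
    """Encode a list of byte strings as TXT RDATA (each must fit in 255 bytes)."""
    out = bytearray()
    for s in strings:
        if len(s) > 255:
            raise ValueError("character-string longer than 255 bytes")
        out.append(len(s))
        out += s
    return bytes(out)


# Constructed sample: a record whose second string would be invisible
# to a parser that stops after the first.
SAMPLE_RDATA = build_txt_rdata([b"v=spf1 include:example.invalid", b"~all"])

if __name__ == "__main__":
    print("first only :", join_for_log(first_string_only(SAMPLE_RDATA)))
    print("all strings:", join_for_log(parse_txt_rdata(SAMPLE_RDATA)))
```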