[Bro-Dev] [JIRA] (BIT-1157) optional fields are missing from JSON logs
Justin Azoff (JIRA)
jira at bro-tracker.atlassian.net
Fri Mar 14 07:27:18 PDT 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15731#comment-15731 ]
Justin Azoff commented on BIT-1157:
-----------------------------------
For example, a DNS log entry that does not have an answer does not contain the 'answers' or 'TTLs' fields:
{code}
{
"rejected": false,
"Z": 1,
"RA": false,
"RD": false,
"TC": false,
"trans_id": 14902,
"proto": "udp",
"id.resp_p": 137,
"id.resp_h": "192.168.2.8",
"id.orig_p": 54887,
"id.orig_h": "192.168.2.1",
"uid": "CQwqq34KjPClu3aD38",
"ts": 1394806566.399907,
"query": "*\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"qclass": 1,
"qclass_name": "C_INTERNET",
"qtype": 33,
"qtype_name": "NBSTAT",
"rcode": 0,
"rcode_name": "NOERROR",
"AA": false
}
{code}
I'd expect it to have
{code}
"answers": [],
"TTLs": [],
{code}
but I suppose the above is correct too, just different from the .csv format which has to show something for that column.
> optional fields are missing from JSON logs
> ------------------------------------------
>
> Key: BIT-1157
> URL: https://bro-tracker.atlassian.net/browse/BIT-1157
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Justin Azoff
> Assignee: Seth Hall
>
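
An added example, not part of the original message or of Bro's own code: one way a consumer of these JSON logs can tolerate the omitted keys, filling `answers` and `TTLs` with empty lists before pairing them. The function names, the defaults table and both sample lines (the first a trimmed copy of the entry above, the second constructed) are assumptions made for illustration.

```python
import json

# Assumption: the optional fields a consumer cares about and the default to
# use when the JSON writer omits them. Only "answers" and "TTLs" are named
# in the comment above.
OPTIONAL_DNS_DEFAULTS = {"answers": list, "TTLs": list}

# Constructed sample input: line 1 is a trimmed copy of the entry above (no
# answers, query shortened); line 2 is a made-up entry that carries answers.
SAMPLE_LINES = [
    '{"ts": 1394806566.399907, "uid": "CQwqq34KjPClu3aD38", "query": "*", '
    '"qtype_name": "NBSTAT", "rcode_name": "NOERROR", "rejected": false}',
    '{"ts": 1394806570.0, "uid": "CexampleUid0000001", "query": "example.com", '
    '"qtype_name": "A", "rcode_name": "NOERROR", "rejected": false, '
    '"answers": ["192.0.2.10"], "TTLs": [300.0]}',
]


def load(lines):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def normalize(record, defaults=OPTIONAL_DNS_DEFAULTS):
    """Return a copy of record with omitted (or null) optional fields filled in."""
    out = dict(record)
    for field, factory in defaults.items():
        if out.get(field) is None:
            out[field] = factory()  # fresh list per record, never shared
    return out


def answer_ttl_pairs(record):
    """Pair each answer with its TTL; safe on records that have no answers."""
    rec = normalize(record)
    if len(rec["answers"]) != len(rec["TTLs"]):
        raise ValueError("answers/TTLs length mismatch in uid %s" % rec.get("uid"))
    return list(zip(rec["answers"], rec["TTLs"]))


if __name__ == "__main__":
    for rec in load(SAMPLE_LINES):
        # Indexing rec["answers"] directly would raise KeyError on line 1.
        print(rec["uid"], rec["query"], answer_ttl_pairs(rec))
```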