[Bro] How filter machine name registration?
Seth Hall
seth at icir.org
Mon Oct 27 07:56:48 PDT 2014
On Oct 27, 2014, at 4:55 AM, Vito Logrillo <vitologrillo at gmail.com> wrote:
> I can see the presence of an additional record in the packet (msg$num_addl =1), but i can't see its value.
> How can i do in Bro?
redef dns_skip_all_addl=F;
Long ago there was a decision in the DNS analyzer to not process auth and addl records due to load issues. If you make the setting change that I recommended, you can get the extra DNS records.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list