[Bro] How filter machine name registration?

Seth Hall seth at icir.org
Tue Oct 28 05:52:40 PDT 2014


On Oct 28, 2014, at 8:21 AM, Vito Logrillo <vitologrillo at gmail.com> wrote:

> Without any change to the source code, what event do you suggest using to handle this data?
> Also, an event able to give me additional RRs as raw data could be fine.

It depends on the RR type.  You can look at the different events for the different RRs here:
	https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_DNS.events.bif.bro.html

I also forgot that there is a script that may add what you are looking for.
@load policy/protocols/dns/auth-addl

You may want to take a look at how that script works to see if it's doing what you want. (Also, the DNS::do_reply hook is defined in the DNS scripts and not in the core analyzer.)

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
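
An added example (not part of the original message and not code from the Bro distribution) of the two approaches mentioned above: a per-RR-type event filtered to the additional section, and the DNS::do_reply hook from the DNS scripts. The print formats are constructed, and the hook signature is assumed to match the one in the base DNS scripts of the Bro version in use.

```bro
# Added example, not from the original post or the Bro distribution.
@load base/protocols/dns

# Additional-section RRs generate no events by default; turn them on.
# (policy/protocols/dns/auth-addl does the same redef.)
redef dns_skip_all_addl = F;

# Per-RR-type event: fires once for every A record in a DNS message.
event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
	{
	# answer_type says which section of the message the RR came from.
	if ( ans$answer_type != DNS_ADDL )
		return;

	# Constructed output format.
	print fmt("%s addl A %s -> %s ttl=%s", c$uid, ans$query, a, ans$TTL);
	}

# Type-independent path: the DNS scripts invoke this hook from their own
# reply handlers, with the RR value already rendered as a string.
# Signature assumed to match base/protocols/dns/main.
hook DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string)
	{
	# Only look at responses, and only at additional-section RRs.
	if ( msg$QR && ans$answer_type == DNS_ADDL )
		print fmt("%s addl qtype=%d %s -> %s", c$uid, ans$qtype, ans$query, reply);
	}
```

Enabling additional-section events adds per-RR event overhead, so scope this to the links where the data is needed.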




