[Bro] Lot of weird log entries like DNS_RR_unknown_type

C.L. Martinez carlopmart at gmail.com
Mon May 4 04:24:16 PDT 2015


On 05/04/2015 11:19 AM, C.L. Martinez wrote:
> Hi all,
>
>   Over the last few days, I have been seeing a lot of weird errors like:
>
> #separator \x09
> #set_separator    ,
> #empty_field    (empty)
> #unset_field    -
> #path    weird
> #open    2015-05-04-11-04-42
> #fields    ts    uid    id.orig_h    id.orig_p    id.resp_h
> id.resp_p    name    addl    notice    peer
> #types    time    string    addr    port    addr    port    string
> string    bool    string
> 1430737482.215330    CYHJwf46bhQTDkaZV9    172.22.55.1    22237
> 172.22.55.6    53 DNS_RR_unknown_type    -    F    bro
> 1430737483.223168    CIpEYq3OXvMER15dG1    172.22.55.1    58971
> 172.22.55.6    53 DNS_RR_unknown_type    -    F    bro
>
> 172.22.55.1 is our internal DNS server, and recursive queries work OK.
> Then why this type of weird log?
>
> Bro 2.3.2 installed under Debian 7 host (fully updated)
>
> Thanks.

Yep, forget it ... Bro logs are correct. Host 172.22.55.6 uses an
external DNS to resolve.

Sorry for the noise.


