[Bro] Lot of weird log entries like DNS_RR_unknown_type
C.L. Martinez
carlopmart at gmail.com
Mon May 4 04:24:16 PDT 2015
On 05/04/2015 11:19 AM, C.L. Martinez wrote:
> Hi all,
>
> Over last days, I am seeing a lot of weird errors like:
>
> #separator \x09
> #set_separator ,
> #empty_field (empty)
> #unset_field -
> #path weird
> #open 2015-05-04-11-04-42
> #fields ts uid id.orig_h id.orig_p id.resp_h
> id.resp_p name addl notice peer
> #types time string addr port addr port string
> string bool string
> 1430737482.215330 CYHJwf46bhQTDkaZV9 172.22.55.1 22237
> 172.22.55.6 53 DNS_RR_unknown_type - F bro
> 1430737483.223168 CIpEYq3OXvMER15dG1 172.22.55.1 58971
> 172.22.55.6 53 DNS_RR_unknown_type - F bro
>
> 172.22.55.1 is our internal DNS server, and recursive queries works ok.
> Then, why this type of weird logs??
>
> Bro 2.3.2 installed under Debian 7 host (fully updated)
>
> Thanks.
Yep, forget it ... Bro logs are correct. Host 172.22.55.6 use an
external DNS to resolv.
Sorry for the noise.
More information about the Bro
mailing list