[Zeek] Fwd: DNS log records do not have total_answers, total_queries, saw_reply and saw_query fields

Dheeraj Gupta dheeraj.gupta4 at gmail.com
Fri Jan 25 00:27:08 PST 2019


Hi,

I am running Bro/Zeek v 2.6.1.
The fields logged in DNS logs are different from the ones shown in official
docs (DNS::Info seen at
https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.bro.html#type-DNS::Info).
Concretely, the last four fields (total_answers, total_queries, saw_query
and saw_reply) are never part of the logs. This behaviour was seen
in previous versions of Bro/Zeek as well (at least from v.2.4).
I looked at the dns/main.bro script and can't figure out why this is
happening. Any ideas are greatly appreciated.

Regards,
Dheeraj