[Zeek] Fwd: DNS log records do not have total_answers, total_queries, saw_reply and saw_query fields
Jon Siwek
jsiwek at corelight.com
Fri Jan 25 08:44:59 PST 2019
On Fri, Jan 25, 2019 at 2:36 AM Dheeraj Gupta <dheeraj.gupta4 at gmail.com> wrote:
> The fields logged in DNS logs are different from the ones shown in official docs (DNS::Info seen at https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.bro.html#type-DNS::Info). Concretely, the last four fields (total_answers, total_queries, saw_query and saw_reply) are never part of the logs.
The logs contain only fields with the &log attribute. Those fields do
not have &log, so they are not in the logs.
- Jon
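
Added example (not part of the original thread and not Zeek project code): a small Python check that applies the &log rule from the reply above to a record declaration and a log's "#fields" header, to tell why a field you expect is missing from a log. The record text is a constructed, abbreviated excerpt rather than the full DNS::Info definition, the header line is constructed, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated record declaration in Zeek script style.
# The four fields without &log are the ones named in the thread.
RECORD_SRC = """
type Info: record {
    ts: time &log;
    uid: string &log;
    query: string &log &optional;
    total_answers: count &optional;
    total_queries: count &optional;
    saw_query: bool &default=F;
    saw_reply: bool &default=F;
};
"""

# Constructed header line; Zeek ASCII logs list their columns after "#fields".
LOG_HEADER = "#fields\tts\tuid\tquery"

# One "name: type attributes;" declaration per match.
FIELD_RE = re.compile(r"^\s*(\w+)\s*:\s*([^;]*);", re.MULTILINE)

def split_fields(record_src):
    """Return (logged, unlogged) field names, decided by the &log attribute."""
    logged, unlogged = [], []
    for name, rest in FIELD_RE.findall(record_src):
        attrs = re.findall(r"&(\w+)", rest)
        (logged if "log" in attrs else unlogged).append(name)
    return logged, unlogged

def explain(wanted, record_src, header_line):
    """Map each wanted field to the reason it is or is not a log column."""
    logged, unlogged = split_fields(record_src)
    parts = header_line.rstrip("\n").split("\t")
    if parts[0] != "#fields":
        raise ValueError("not a #fields header line")
    columns = set(parts[1:])
    report = {}
    for field in wanted:
        if field in columns:
            report[field] = "present"
        elif field in unlogged:
            report[field] = "declared without &log"
        elif field in logged:
            report[field] = "has &log but column absent"
        else:
            report[field] = "not declared in the record"
    return report
```

Calling explain(["query", "saw_reply"], RECORD_SRC, LOG_HEADER) reports "present" for query and "declared without &log" for saw_reply.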