[Zeek] DNS log records do not have total_answers, total_queries, saw_reply and saw_query fields

Dheeraj Gupta dheeraj.gupta4 at gmail.com
Fri Jan 25 08:47:22 PST 2019


Ah, thanks for pointing it out. I didn't know about the &log attribute.

On Fri 25 Jan, 2019, 22:15 Jon Siwek, <jsiwek at corelight.com> wrote:

> On Fri, Jan 25, 2019 at 2:36 AM Dheeraj Gupta <dheeraj.gupta4 at gmail.com>
> wrote:
>
> > The fields logged in DNS logs are different from the ones shown in
> > official docs (DNS::Info seen at
> > https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.bro.html#type-DNS::Info).
> > Concretely, the last four fields (total_answers, total_queries, saw_query
> > and saw_reply) are never part of the logs.
>
> The logs contain only fields with the &log attribute.  Those fields do
> not have &log, so they are not in the logs.
>
> - Jon
>
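As an added illustration of Jon's point (not code from the thread or from Zeek's own DNS scripts), a minimal custom log stream: the record type carries two fields without &log, mirroring DNS::Info's total_answers and saw_reply, and one with it; only the &log fields appear in the resulting demo.log. The module name, field names and sample values are assumptions made up for this example.

```zeek
# Added example, not from the thread: only record fields with &log
# are written by the logging framework.
module Demo;

export {
    redef enum Log::ID += { LOG };

    type Info: record {
        ts:             time   &log;
        query:          string &log;
        # Like DNS::Info's total_answers/saw_reply: no &log, so these are
        # kept in the record for bookkeeping but never written to demo.log.
        total_answers:  count  &default=0;
        saw_reply:      bool   &default=F;
        # Same kind of bookkeeping, but with &log: this one is a column.
        answers_logged: count  &log &default=0;
    };
}

event zeek_init()
    {
    Log::create_stream(Demo::LOG, [$columns=Info, $path="demo"]);

    # Constructed sample values for the illustration.
    local rec: Info = [$ts=current_time(), $query="example.com",
                       $total_answers=3, $saw_reply=T, $answers_logged=3];
    Log::write(Demo::LOG, rec);
    # demo.log header: ts  query  answers_logged  (no total_answers, no saw_reply)
    }
```

Run with `zeek demo.zeek` in an empty directory and inspect the generated demo.log; the #fields line lists only ts, query and answers_logged.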