Bug #1379: EVE json missing CNAME rdata - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1379

closed

EVE json missing CNAME rdata

Added by jason jones about 9 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

David Cannings

Target version:

2.1beta4

Affected Versions:

Effort:

Difficulty:

Label:

Description

Using suricata 2.0.6, dns output for CNAME entries appear to be missing rdata in the EVE json log. I have verified that this is in the raw dns.log.

Example below of CNAME responses for the same hostname with the missing data:

DNS Log:

<Redacted> [**] Response TX <redacted> [**] init-p01st.push.apple.com [**] CNAME [**] TTL 32 [**] init-p01st.push.apple.com.edgesuite.net [**] <redacted>

EVE Json:

{"timestamp":"<redacted>","event_type":"dns","src_ip":"<redacted>","src_port":53,"dest_ip":"<redacted>","dest_port":<redacted>,"proto":"UDP","dns":{"type":"answer","id":<redacted>,"rrname":"init-p01st.push.apple.com","rrtype":"CNAME","ttl":13}}

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1379

EVE json missing CNAME rdata

Updated by David Cannings almost 9 years ago

Updated by Victor Julien almost 9 years ago