Project

General

Profile

Actions
Copy link

Bug #1664

closed
RR JI

Unreplied DNS queries not logged when flow is aged out

Bug #1664: Unreplied DNS queries not logged when flow is aged out

Added by Ray Ruvinskiy over 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
High
Assignee:
Jason Ish
Target version:
3.1.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a DNS query is not followed by a response before the flow is timed out, the DNS transaction is not logged at all. I was wondering if there's a way to trigger the tx logging before the flow is flushed out.

This is observed with suricata 3.0RC1.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #1419: DNS transaction handling issuesClosedJason IshActions

VJ Updated by Victor Julien over 10 years ago Actions
Copy link
 #1

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 70

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
 #2

  • Priority changed from Normal to High

JI Updated by Jason Ish almost 10 years ago Actions
Copy link
 #3

  • Related to Bug #1419: DNS transaction handling issues added

JI Updated by Jason Ish almost 10 years ago Actions
Copy link
 #4

I believe this is related to issue #1419.

JI Updated by Jason Ish over 9 years ago Actions
Copy link
 #5

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 3.1.1

Fixed. See https://github.com/inliniac/suricata/pull/2174

The DNS query is now logged after the query is complete instead of waiting for the reply. So a missing reply will no longer result in not logging the query.

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
 #6

  • Assignee changed from Victor Julien to Jason Ish
Actions
Copy link

Also available in: PDF Atom