<p>Open Information Security Foundation: https://redmine.openinfosecfoundation.org/</p>
<p>Suricata - Feature #2199: DNS answer events compacted</p>
<p>Eric Leblond (eric@regit.org), 2017-08-03T09:59:44Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=8559</p>
<p>Regarding the format, I'm sure some people will be interested only in the "metadata" part. Others will want the detailed version only. So we should be able to just output one of them or both of them.</p>
<p>Jason Ish (jason.ish@oisf.net), 2017-08-03T10:13:18Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=8560</p>
<p>Related issue: <a class="external" href="https://redmine.openinfosecfoundation.org/issues/2167">https://redmine.openinfosecfoundation.org/issues/2167</a> which is a more broad issue of covering changes to the eve format, and how to deal with it.</p>
<p>Victor Julien (victor@inliniac.net), 2017-08-03T10:18:31Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=8561</p>
<p>Is this a duplicate of <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: more compact dns logging (Closed)" href="https://redmine.openinfosecfoundation.org/issues/1198">#1198</a>?</p>
<p>Ask Kemp, 2017-09-12T14:19:29Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=8626</p>
<p>I believe this request is similar to the one I made in <a class="external" href="https://redmine.openinfosecfoundation.org/issues/2086">https://redmine.openinfosecfoundation.org/issues/2086</a> "DNS answer for a NS containing multiple name servers should only be one line". My request also mentions compacting for MX answers.</p>
<p>Giuseppe Longo (giuseppe@glongo.it), 2017-09-13T01:30:51Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=8627</p>
<p>Ask Kemp wrote:</p>
<blockquote>
<p>I believe this request is similar to the one I made in <a class="external" href="https://redmine.openinfosecfoundation.org/issues/2086">https://redmine.openinfosecfoundation.org/issues/2086</a> "DNS answer for a NS containing multiple name servers should only be one line". My request also mentions compacting for MX answers.</p>
</blockquote>
<p>I've sent a PR for this ticket, if you want to try it: <a class="external" href="https://github.com/inliniac/suricata/pull/2884">https://github.com/inliniac/suricata/pull/2884</a><br />Feedback is welcome.</p>
<p>Victor Julien (victor@inliniac.net), 2018-03-22T04:07:01Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=9578</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Target version</strong> changed from <i>70</i> to <i>4.1beta1</i></li></ul><p><a class="external" href="https://github.com/OISF/suricata/pull/3287">https://github.com/OISF/suricata/pull/3287</a></p>
<p>Jason Ish (jason.ish@oisf.net), 2018-07-09T17:37:51Z, https://redmine.openinfosecfoundation.org/issues/2199?journal_id=9901</p>
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/2086">Feature #2086</a>: DNS answer for a NS containing multiple name servers should only be one line</i> added</li></ul>