Feature #2764

closed

dns logging v1 vs v2

Added by Peter Manev about 5 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Putting a placeholder for discussion, following up on an IRC discussion with Jason Ish.

It seems DNS v2 logging differs from v1 in that if you would like to specify custom type logging (https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L188), it is done per type of request, not the answer.
It could also be a bit misleading, as a user might expect to be able to log just a or aaaa answers, but that is not the case in v2.
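
The two filter semantics discussed above, modelled as an added example over constructed EVE DNS v2 answer records; this is not part of the original issue and not Suricata's code, and the record layout, sample values and function names are assumptions for illustration.

```python
import json

# Constructed sample records (assumed EVE DNS v2 "answer" layout, invented values).
SAMPLE_EVE = """\
{"event_type":"dns","dns":{"version":2,"type":"answer","rrname":"www.example.com","rrtype":"A","answers":[{"rrname":"www.example.com","rrtype":"CNAME","rdata":"cdn.example.net"},{"rrname":"cdn.example.net","rrtype":"A","rdata":"192.0.2.10"}]}}
{"event_type":"dns","dns":{"version":2,"type":"answer","rrname":"example.org","rrtype":"MX","answers":[{"rrname":"example.org","rrtype":"MX","rdata":"mail.example.org"}]}}
{"event_type":"dns","dns":{"version":2,"type":"answer","rrname":"example.org","rrtype":"ANY","answers":[{"rrname":"example.org","rrtype":"A","rdata":"192.0.2.20"},{"rrname":"example.org","rrtype":"AAAA","rdata":"2001:db8::20"}]}}
"""


def load_answers(text):
    """Parse EVE JSON lines and return the dns object of each answer record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        dns = event.get("dns", {})
        if event.get("event_type") == "dns" and dns.get("type") == "answer":
            records.append(dns)
    return records


def filter_by_request_type(records, wanted):
    """Model of the v2 behaviour described in the issue: the type list is
    compared with the rrtype of the request, so a record is kept or dropped whole."""
    wanted = {t.upper() for t in wanted}
    return [r for r in records if r.get("rrtype", "").upper() in wanted]


def filter_by_answer_type(records, wanted):
    """What a user may expect instead: select individual answers by their own rrtype."""
    wanted = {t.upper() for t in wanted}
    return [
        (a["rrname"], a["rrtype"], a["rdata"])
        for r in records
        for a in r.get("answers", [])
        if a.get("rrtype", "").upper() in wanted
    ]


if __name__ == "__main__":
    recs = load_answers(SAMPLE_EVE)
    print(filter_by_request_type(recs, ["a", "aaaa"]))
    print(filter_by_answer_type(recs, ["a", "aaaa"]))
```

With the request-type model, the A query is kept together with its CNAME answer, while the ANY query is dropped even though it carries A and AAAA answers; selecting by answer type has to be done by the log consumer.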


Related issues: 1 (0 open, 1 closed)

Related to Suricata - Task #4137: deprecate: eve.dns v1 record support (Closed, Jason Ish)