Project

General

Profile

Feature #3231

EVE DNS v2 logging does not support request filtering.

Added by Jason Ish 8 months ago. Updated 6 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
Target version:
-
Effort:
Difficulty:
Label:

Description

The v2 implementation of EVE DNS supports filtering the response types with the answer-types parameter, however there is no equivalent to filter requests from being logged. This is a regression from the v1 logging which supported request filtering.

#1

Updated by Victor Julien 8 months ago

Think we should target 5.0.1 for this?

#2

Updated by Jason Ish 8 months ago

  • Target version set to 5.0.1

Victor Julien wrote:

Think we should target 5.0.1 for this?

Yeah, I do.

#3

Updated by Jason Ish 7 months ago

  • Status changed from Assigned to Rejected

Rejecting. I was wrong, I think due to dated documentation. Filtering does work as expected, and aligns with the last documentation updates to the EVE/DNS section.

This suricata-verify test confirms it works as expected:
https://github.com/OISF/suricata-verify/pull/150

#4

Updated by Victor Julien 6 months ago

  • Target version deleted (5.0.1)
  • Effort deleted (low)
  • Difficulty deleted (low)

Also available in: Atom PDF