Project

General

Profile

Actions
Copy link

Feature #4751

closed
VJ HK

dns/eve: add 'HTTPS' type logging

Feature #4751: dns/eve: add 'HTTPS' type logging

Added by Victor Julien over 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Haleema Khan
Target version:
7.0.0-rc1
Effort:
Difficulty:
Label:
Beginner, Needs backport to 6.0, Rust

Description

{"timestamp":"2021-10-12T10:17:37.702061+0200","flow_id":865976079988333,"pcap_cnt":1,"event_type":"dns","src_ip":"192.168.0.47","src_port":61954,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4220,"rrname":"46-105-202-126.any.cdn.anycast.me","rrtype":"65","tx_id":0}}

rrtype: 65 instead of HTTPS

Files

Download all files
dns-in-rec.pcap (133 Bytes) dns-in-rec.pcap Victor Julien, 10/12/2021 08:24 AM
Screenshot from 2021-10-12 10-25-04.png (78.8 KB) Screenshot from 2021-10-12 10-25-04.png Victor Julien, 10/12/2021 08:25 AM

Subtasks 1 (0 open1 closed)

Feature #6282: dns/eve: add 'HTTPS' type logging (6.0.x backport)ClosedJason IshActions

VJ Updated by Victor Julien over 4 years ago Actions
Copy link
 #1

  • Description updated (diff)

VJ Updated by Victor Julien over 4 years ago Actions
Copy link
 #2

  • Subject changed from dns: add 'HTTPS' type logging to dns/eve: add 'HTTPS' type logging
  • Label Beginner added

VJ Updated by Victor Julien over 4 years ago Actions
Copy link
 #3

  • Label Rust added

HK Updated by Haleema Khan over 3 years ago Actions
Copy link
 #4

  • Assignee set to Haleema Khan

HK Updated by Haleema Khan over 3 years ago Actions
Copy link
 #5

After looking into the code specifically the DNS event type code parts and after reading all DNS record types, I have understood that it is returning rrtype:65 mainly because a DNS record type does not exist for the value: 65 so when matching the rrtype it never finds a match and the rrtype 65 gets returned as is after a toString() conversion.
If that's the case then first a DNS record type for this needs to be defined and then I can move forward with matching it in code.
Asking here just to make sure I am going in the right direction.

HK Updated by Haleema Khan over 3 years ago Actions
Copy link
 #6

  • Status changed from New to In Review

SB Updated by Shivani Bhardwaj over 3 years ago Actions
Copy link
 #7

  • Target version set to 7.0.0-beta1

HK Updated by Haleema Khan over 3 years ago Actions
Copy link
 #8

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #9

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1

HK Updated by Haleema Khan over 3 years ago Actions
Copy link
 #10

  • Status changed from In Review to Closed

JI Updated by Jason Ish over 2 years ago Actions
Copy link
 #11

  • Label Needs backport to 6.0 added

JI Updated by Jason Ish over 2 years ago Actions
Copy link
 #12

  • Status changed from Closed to Resolved

JI Updated by Jason Ish over 2 years ago Actions
Copy link
 #13

  • Subtask #6282 added

JI Updated by Jason Ish over 2 years ago Actions
Copy link
 #14

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom