Project

General

Profile

Actions
Copy link

Documentation #4768

closed

DNS v2 EVE does not longer contain `dns.rdata` but it is still listed in the documentation

Added by Sascha Steinbiss over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Low
Assignee:
Sascha Steinbiss
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

The RTD documentation for the DNS EVE-JSON fields (15.1.2.5.1 https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html#id4) still lists rdata as being a field in the dns sub-object for DNS answers. However, in the Rust logging code there is no such field being added. Rdata information is only given as part of the dns.answers or dns.grouped output.

Actions
Copy link
 #1

Updated by Andreas Herz about 2 years ago

  • Status changed from New to Assigned
  • Assignee set to Sascha Steinbiss
  • Target version set to TBD

Are you willing to send a PR :)?

Actions
Copy link
 #2

Updated by Sascha Steinbiss about 2 years ago

I think this can actually be closed. Looking at it again the documentation does not really claim that rdata is a top level field, it just speaks of an 'outline of fields seen in the different kinds of DNS events'. Since the examples are all up to date AFAICS we're fine here.

Actions
Copy link
 #3

Updated by Andreas Herz about 2 years ago

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: Atom PDF