[https://bro-tracker.atlassian.net/browse/BIT-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15731#comment-15731]
Justin Azoff commented on BIT-1157:
-----------------------------------
For example, a DNS log entry that does not have an answer does not contain the
'answers' or 'TTLs' fields:
{code}
{
"rejected": false,
"Z": 1,
"RA": false,
"RD": false,
"TC": false,
"trans_id": 14902,
"proto": "udp",
"id.resp_p": 137,
"id.resp_h": "192.168.2.8",
"id.orig_p": 54887,
"id.orig_h": "192.168.2.1",
"uid": "CQwqq34KjPClu3aD38",
"ts": 1394806566.399907,
"query": "*\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"qclass": 1,
"qclass_name": "C_INTERNET",
"qtype": 33,
"qtype_name": "NBSTAT",
"rcode": 0,
"rcode_name": "NOERROR",
"AA": false
}
{code}
I'd expect it to have
{code}
"answers": [],
"TTLs": [],
{code}
but I suppose the above is correct too, just different from the .csv format
which has to show something for that column.
> optional fields are missing from JSON logs
> ------------------------------------------
>
> Key: BIT-1157
> URL: https://bro-tracker.atlassian.net/browse/BIT-1157
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Justin Azoff
> Assignee: Seth Hall
>
--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
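The consumer-side consequence of the behaviour discussed above is that code which indexes the JSON record directly (`rec["answers"]`) raises a `KeyError` on unanswered queries, and that a query for "DNS requests with no answer" must treat a missing field as unset rather than silently skipping the record. The following is an added example, not code from the Bro project or from the issue; it parses constructed dns.log-style JSON lines, fills in the optional `answers` and `TTLs` fields (absent means unset, `None`; a present empty list stays `[]`), and renders a value the way the tab-separated writer does, using `-` for unset and `(empty)` for an empty set. The sample records, the `192.0.2.x` addresses and the helper names are all constructed for this example.

```python
import json
from typing import Any, Dict, List, Optional

# Optional vector fields of the dns.log record that the JSON writer omits when unset.
OPTIONAL_VECTOR_FIELDS = ("answers", "TTLs")

# Placeholder strings used by the ASCII (tab-separated) writer for unset and empty values.
UNSET_FIELD = "-"
EMPTY_FIELD = "(empty)"

# Constructed sample lines (not taken from the page): an unanswered NBSTAT query
# with no 'answers'/'TTLs' keys, and an answered A query that carries both.
SAMPLE_LINES: List[str] = [
    '{"ts":1394806566.399907,"uid":"CQwqq34KjPClu3aD38","id.orig_h":"192.168.2.1",'
    '"id.orig_p":54887,"id.resp_h":"192.168.2.8","id.resp_p":137,"proto":"udp",'
    '"trans_id":14902,"query":"*","qclass":1,"qclass_name":"C_INTERNET","qtype":33,'
    '"qtype_name":"NBSTAT","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,'
    '"RD":false,"RA":false,"Z":1,"rejected":false}',
    '{"ts":1394806567.1,"uid":"CONSTRUCTEDUID0001","id.orig_h":"192.168.2.1",'
    '"id.orig_p":40000,"id.resp_h":"192.0.2.53","id.resp_p":53,"proto":"udp",'
    '"trans_id":1,"query":"example.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,'
    '"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,'
    '"RD":true,"RA":true,"Z":0,"answers":["192.0.2.1"],"TTLs":[3600.0],"rejected":false}',
]


def parse_dns_record(line: str) -> Dict[str, Any]:
    """Parse one JSON log line and guarantee that every optional vector field exists.

    A key that is absent from the JSON object is an unset field and becomes None;
    a key that is present with [] stays [] so "unset" and "empty" remain distinguishable.
    """
    rec: Dict[str, Any] = json.loads(line)
    for field in OPTIONAL_VECTOR_FIELDS:
        rec.setdefault(field, None)
    return rec


def ascii_field(value: Optional[Any]) -> str:
    """Render a value the way the tab-separated writer would show it."""
    if value is None:
        return UNSET_FIELD
    if isinstance(value, list):
        return EMPTY_FIELD if not value else ",".join(str(v) for v in value)
    return str(value)


def unanswered_queries(lines: List[str]) -> List[str]:
    """Return the 'query' value of every record that carries no answer.

    Both an absent 'answers' field (unset) and an empty list count as unanswered,
    so records lacking the key are not silently dropped by a KeyError.
    """
    result: List[str] = []
    for line in lines:
        rec = parse_dns_record(line)
        if not rec["answers"]:
            result.append(rec["query"])
    return result


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_dns_record(line)
        print(rec["query"], ascii_field(rec["answers"]), ascii_field(rec["TTLs"]))
    print("unanswered:", unanswered_queries(SAMPLE_LINES))
```

Normalising at parse time keeps the rest of a pipeline indifferent to which writer produced the log: the same `unanswered_queries` check works whether the input was the JSON writer (key absent) or a CSV-style export that already carries a placeholder.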