aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

eve/dns: make version required

Browse Source 
The "eve.version" field is not always logged. Update the schema to
enforce that it is, and fix it for records that don't log it.

Ticket: #7167
(cherry picked from commit fcc1b1067b)
pull/11684/head
Jason Ish 1 year ago committed by Victor Julien
parent 304fe41762
commit 03844b4291
3 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File

4
etc/schema.json
Unescape Escape View File

@ -961,6 +961,9 @@
}, },
"dns": { "dns": {
"type": "object", "type": "object",
"required": [
"version"
],
"properties": { "properties": {
"aa": { "aa": {
"type": "boolean" "type": "boolean"
@ -996,6 +999,7 @@
"type": "string" "type": "string"
}, },
"version": { "version": {
"description": "The version of this EVE DNS event",
"type": "integer" "type": "integer"
}, },
"opcode": { "opcode": {

1
src/output-json-alert.c
Unescape Escape View File

@ -230,6 +230,7 @@ static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
dns_state, tx_id); dns_state, tx_id);
if (txptr) { if (txptr) {
jb_open_object(js, "dns"); jb_open_object(js, "dns");
jb_set_int(js, "version", 2);
JsonBuilder *qjs = JsonDNSLogQuery(txptr); JsonBuilder *qjs = JsonDNSLogQuery(txptr);
if (qjs != NULL) { if (qjs != NULL) {
jb_set_object(js, "query", qjs); jb_set_object(js, "query", qjs);

1
src/output-json-dns.c
Unescape Escape View File

@ -323,6 +323,7 @@ static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
} }
jb_open_object(jb, "dns"); jb_open_object(jb, "dns");
jb_set_int(jb, "version", 2);
if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) { if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
jb_free(jb); jb_free(jb);
break; break;

Write Preview
Loading…
Cancel
Save