[ https://bro-tracker.atlassian.net/browse/BIT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16301#comment-16301 ]
Jon Siwek commented on BIT-1156:
--------------------------------

{quote}
I don't really like the "TXT ddd xxxx" logging but don't have much of a better idea either right now.
{quote}

Yeah, it was just that the DNS logs for such TXT RRs are pretty ambiguous without doing something like that or overhauling how dns.log is formatted (don't have a fully formed idea, but whenever I try to work w/ those scripts it always seems like the scope of what it's doing is too broad/general to do any particular thing accurately/well).

> DNS analyzer parses TXT records incompletely
> --------------------------------------------
>
>                 Key: BIT-1156
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1156
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>            Assignee: Jon Siwek
>             Fix For: 2.3
>
>
> The payload of DNS TXT records can consist of multiple character strings but
> the DNS analyzer parses out only the first. We should parse them all out and
> then probably concatenate into a single string to pass to the event,
> separated with semicolons or something.
> I have a trace with an example but it would need anonymization before
> inclusion into the test suite.
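
Added example, not part of the original message and not Bro's code: a Python sketch of the TXT RDATA layout the issue describes, where each character-string is one length octet followed by that many bytes (RFC 1035). It shows what a first-string-only parser drops and why a semicolon join can make two different records log identically; the function names, the sample bytes and the length-tagged rendering are constructed assumptions.

```python
# Added example (not Bro's code): DNS TXT RDATA is a sequence of
# <character-string>s, each one length octet followed by that many bytes.


class TxtParseError(ValueError):
    """RDATA is not a well-formed sequence of length-prefixed strings."""


def parse_txt_rdata(rdata):
    """Return every character-string in the RDATA as a list of bytes."""
    strings, offset = [], 0
    while offset < len(rdata):
        length = rdata[offset]
        end = offset + 1 + length
        if end > len(rdata):
            # Length octet runs past the end of RDATA: truncated or malformed.
            raise TxtParseError(f"string at offset {offset} overruns RDATA")
        strings.append(rdata[offset + 1:end])
        offset = end
    return strings


def first_only(rdata):
    """The incomplete behaviour from the issue: stop after the first string."""
    return rdata[1:1 + rdata[0]] if rdata else b""


def join_with_separator(strings, sep=b";"):
    """Concatenation with a separator, as the issue proposes."""
    return sep.join(strings)


def render_length_tagged(strings):
    """Hypothetical unambiguous rendering: each string prefixed by its length."""
    return " ".join(f"{len(s)} {s.decode('latin-1')}" for s in strings)


# Constructed sample RDATA: two different records, same bytes once joined.
RECORD_A = b"\x03a;b\x01c"   # strings: "a;b", "c"
RECORD_B = b"\x01a\x03b;c"   # strings: "a", "b;c"

if __name__ == "__main__":
    for name, rdata in (("A", RECORD_A), ("B", RECORD_B)):
        parts = parse_txt_rdata(rdata)
        print(name, first_only(rdata), join_with_separator(parts),
              render_length_tagged(parts))
```

Both sample records join to the same bytes, which is the ambiguity the comment above refers to; keeping the per-string lengths is what tells them apart.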