[Oisf-users] practical use of dns log
Victor Julien
lists at inliniac.net
Wed Nov 27 16:50:39 UTC 2013
On 11/27/2013 05:06 PM, Edward Fjellskål wrote:
> Logging the query and answer in two different log lines reduces the need
> to do the tracking of "dns-sessions" inside suricata, hence saving memory
This is not accurate. Suricata does do the session tracking.
The reason for the current format is that I wanted to output all the
records and also an easy to parse format. As the number of records is
dynamic, a single line format is tricky. Maybe it's not necessary to
output all these records, so I'm open to suggestions here.
Also, Tom is working on a json output where all the records of a single
TX are on a single line. https://github.com/inliniac/suricata/pull/643
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
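To show what the one-record-per-line layout discussed above costs the consumer, here is an added example (not code from Suricata or from anyone in this thread) that folds query and answer lines back into one JSON document per DNS transaction, which is roughly what a single-line-per-TX output would hand you directly. The line layout, the "TX <id>" marker, the field order and the sample log lines are all constructed for this example and are not claimed to be Suricata's exact dns.log format. The state kept per transaction is the point: the log reader has to do the correlation that the single-line format makes unnecessary, and it also has to decide what to do with queries that never get an answer and answers whose query it never saw.

```python
import json
import re
from collections import OrderedDict

# Constructed sample in a hypothetical one-record-per-line layout (assumed for
# this example, not Suricata's exact format): timestamp, record kind with a
# transaction id, rrname, rrtype, for responses a TTL and rdata, and the flow.
SAMPLE_LOG = """\
11/27/2013-16:50:39.100001 [**] Query TX 4711 [**] www.example.org [**] A [**] 10.0.0.5:51234 -> 10.0.0.1:53
11/27/2013-16:50:39.100150 [**] Response TX 4711 [**] www.example.org [**] CNAME [**] TTL 60 [**] edge.example.net [**] 10.0.0.1:53 -> 10.0.0.5:51234
11/27/2013-16:50:39.100151 [**] Response TX 4711 [**] edge.example.net [**] A [**] TTL 60 [**] 192.0.2.10 [**] 10.0.0.1:53 -> 10.0.0.5:51234
11/27/2013-16:50:39.100152 [**] Response TX 4711 [**] edge.example.net [**] A [**] TTL 60 [**] 192.0.2.11 [**] 10.0.0.1:53 -> 10.0.0.5:51234
11/27/2013-16:50:40.000001 [**] Query TX 4712 [**] no-such-host.example.org [**] AAAA [**] 10.0.0.5:51235 -> 10.0.0.1:53
"""

FLOW_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>\S+)$")
KIND_RE = re.compile(r"^(?P<kind>Query|Response) TX (?P<txid>\d+)$")


def parse_line(line):
    """Split one log line into its fields.

    Returns None for anything that does not match the assumed layout so a
    stray line never takes the whole pipeline down."""
    fields = line.rstrip("\n").split(" [**] ")
    if len(fields) < 5:
        return None
    kind = KIND_RE.match(fields[1])
    flow = FLOW_RE.match(fields[-1])
    if not kind or not flow:
        return None
    rec = {
        "timestamp": fields[0],
        "kind": kind.group("kind"),
        "tx_id": int(kind.group("txid")),
        "rrname": fields[2],
        "rrtype": fields[3],
    }
    if rec["kind"] == "Query":
        if len(fields) != 5:
            return None
        rec["client"], rec["server"] = flow.group("src"), flow.group("dst")
    else:
        # Response lines carry TTL and rdata and run server -> client, so the
        # flow is flipped to get the same (client, server) key as the query.
        if len(fields) != 7 or not fields[4].startswith("TTL "):
            return None
        rec["ttl"] = int(fields[4][4:])
        rec["rdata"] = fields[5]
        rec["client"], rec["server"] = flow.group("dst"), flow.group("src")
    return rec


def correlate(lines):
    """Fold query and answer lines into one record per DNS transaction.

    Transactions are keyed on (client, server, tx id). This is the state the
    consumer has to keep itself with a one-record-per-line log. A query with
    no answer is still emitted (with an empty answer list); an answer whose
    query was never seen is emitted with "query": None rather than dropped."""
    txs = OrderedDict()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["client"], rec["server"], rec["tx_id"])
        tx = txs.setdefault(key, {
            "timestamp": rec["timestamp"],
            "client": rec["client"],
            "server": rec["server"],
            "tx_id": rec["tx_id"],
            "query": None,
            "answers": [],
        })
        if rec["kind"] == "Query":
            tx["query"] = {"rrname": rec["rrname"], "rrtype": rec["rrtype"]}
        else:
            tx["answers"].append({
                "rrname": rec["rrname"],
                "rrtype": rec["rrtype"],
                "ttl": rec["ttl"],
                "rdata": rec["rdata"],
            })
    return list(txs.values())


def to_json_lines(lines):
    """One JSON document per transaction, all of its records on one line."""
    return [json.dumps(tx, sort_keys=True) for tx in correlate(lines)]


if __name__ == "__main__":
    for doc in to_json_lines(SAMPLE_LOG.splitlines()):
        print(doc)
```

On a live file you would additionally age out entries in the OrderedDict that never received an answer, since keeping every unanswered query forever is exactly the memory problem the thread is worried about.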