[Oisf-users] Correlated DNS answers

Andreas Moe moe.andreas at gmail.com
Sat Oct 31 20:00:58 UTC 2015


Hi there folks!

When performing DNS queries, and having activated DNS Eve logging in
Suricata, I see that my log holds separate log entries for each answer,
even though they were part of the same query.

1) Is this as expected?
2) Should this be done some other way? (In my mind) a single query should
be logged as a single log entry, and the answer should be logged as a
single log entry. Say with a query to google.com that resolves to 5
distinct IPs, shouldn't all of these be in one log entry?

/AndreasM
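As an added example (not part of the original post or of Suricata itself), the following Python script does the correlation the post asks about on the reader's side: it reads eve.json lines, keeps only `event_type: dns` records, and groups the per-answer records back onto their query using the client/server addresses and the DNS transaction id (`dns.id`), which both the query and its answers share. The sample eve.json lines are constructed for this example; the field names used (`src_ip`, `dest_ip`, `src_port`, `dest_port`, `dns.type`, `dns.id`, `dns.rrname`, `dns.rrtype`, `dns.ttl`, `dns.rdata`, `dns.rcode`) are those of the EVE DNS output, while the shape of the merged output record is this script's own choice.

```python
"""Correlate per-answer Suricata EVE DNS records into one record per query.

Added example; the sample log lines below are constructed, not real traffic.
"""
import json
from collections import OrderedDict

# Constructed eve.json lines: one A query for google.com answered with five
# A records, one AAAA query that receives no answer in the sample, and one
# non-DNS event that must be skipped.
SAMPLE_EVE = r"""
{"timestamp":"2015-10-31T19:55:01.000001+0000","event_type":"dns","src_ip":"10.0.0.5","src_port":53211,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17495,"rrname":"google.com","rrtype":"A"}}
{"timestamp":"2015-10-31T19:55:01.000002+0000","event_type":"dns","src_ip":"10.0.0.1","src_port":53,"dest_ip":"10.0.0.5","dest_port":53211,"proto":"UDP","dns":{"type":"answer","id":17495,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","ttl":299,"rdata":"192.0.2.10"}}
{"timestamp":"2015-10-31T19:55:01.000003+0000","event_type":"dns","src_ip":"10.0.0.1","src_port":53,"dest_ip":"10.0.0.5","dest_port":53211,"proto":"UDP","dns":{"type":"answer","id":17495,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","ttl":299,"rdata":"192.0.2.11"}}
{"timestamp":"2015-10-31T19:55:01.000004+0000","event_type":"dns","src_ip":"10.0.0.1","src_port":53,"dest_ip":"10.0.0.5","dest_port":53211,"proto":"UDP","dns":{"type":"answer","id":17495,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","ttl":299,"rdata":"192.0.2.12"}}
{"timestamp":"2015-10-31T19:55:01.000005+0000","event_type":"dns","src_ip":"10.0.0.1","src_port":53,"dest_ip":"10.0.0.5","dest_port":53211,"proto":"UDP","dns":{"type":"answer","id":17495,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","ttl":299,"rdata":"192.0.2.13"}}
{"timestamp":"2015-10-31T19:55:01.000006+0000","event_type":"dns","src_ip":"10.0.0.1","src_port":53,"dest_ip":"10.0.0.5","dest_port":53211,"proto":"UDP","dns":{"type":"answer","id":17495,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","ttl":299,"rdata":"192.0.2.14"}}
{"timestamp":"2015-10-31T19:55:02.000001+0000","event_type":"dns","src_ip":"10.0.0.5","src_port":53212,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17496,"rrname":"example.net","rrtype":"AAAA"}}
{"timestamp":"2015-10-31T19:55:02.000002+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":53212,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP"}
"""


def _correlation_key(rec):
    """Build (client_ip, client_port, server_ip, server_port, dns_id).

    A query runs client -> server and its answers run server -> client,
    so the direction is normalised before the two can share a key.
    """
    dns = rec["dns"]
    if dns.get("type") == "query":
        client = (rec["src_ip"], rec["src_port"])
        server = (rec["dest_ip"], rec["dest_port"])
    else:
        client = (rec["dest_ip"], rec["dest_port"])
        server = (rec["src_ip"], rec["src_port"])
    return client + server + (dns.get("id"),)


def correlate_dns(lines):
    """Return one merged record per DNS transaction, in first-seen order.

    Each merged record carries the query (rrname/rrtype), the response code
    if any answer was seen, and the list of all answer RRs. A query with no
    answer in the input yields an empty answers list rather than being lost.
    """
    grouped = OrderedDict()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "dns":
            continue  # flow, alert, http, ... records are not our concern here
        key = _correlation_key(rec)
        entry = grouped.setdefault(key, {
            "timestamp": rec["timestamp"],  # time of the first record seen
            "client": "%s:%s" % key[0:2],
            "server": "%s:%s" % key[2:4],
            "id": key[4],
            "query": None,
            "rcode": None,
            "answers": [],
        })
        dns = rec["dns"]
        if dns.get("type") == "query":
            entry["query"] = {"rrname": dns.get("rrname"),
                              "rrtype": dns.get("rrtype")}
        elif dns.get("type") == "answer":
            if "rcode" in dns:
                entry["rcode"] = dns["rcode"]
            entry["answers"].append(
                {k: dns.get(k) for k in ("rrname", "rrtype", "ttl", "rdata")})
    return list(grouped.values())


if __name__ == "__main__":
    for merged in correlate_dns(SAMPLE_EVE.splitlines()):
        print(json.dumps(merged))
```

Run with `python3 correlate_dns.py` against the embedded sample, or replace `SAMPLE_EVE.splitlines()` with an open `eve.json` file handle to process a real log. The transaction id is only 16 bits, so the client address and ephemeral port are part of the key on purpose; matching on `dns.id` alone would merge unrelated lookups from different hosts.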