The "eve.version" field is not always logged. Update the schema to
enforce that it is, and fix it for records that don't log it.
Ticket: #7167
(cherry picked from commit
fcc1b1067b5e4c3b9b063ab90fa073de57577968)
},
"dns": {
"type": "object",
+ "required": [
+ "version"
+ ],
"properties": {
"aa": {
"type": "boolean"
"type": "string"
},
"version": {
+ "description": "The version of this EVE DNS event",
"type": "integer"
},
"opcode": {
dns_state, tx_id);
if (txptr) {
jb_open_object(js, "dns");
+ jb_set_int(js, "version", 2);
JsonBuilder *qjs = JsonDNSLogQuery(txptr);
if (qjs != NULL) {
jb_set_object(js, "query", qjs);
}
jb_open_object(jb, "dns");
+ jb_set_int(jb, "version", 2);
if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
jb_free(jb);
break;
projects / thirdparty / suricata.git / commitdiff
