dns/eve: use default formats if formats is empty

If the configuration field "formats" is empty, DNS response records do
not have any relevant information other than that there was a
response, but not much about the response.

I'm pretty sure the intention here was to log the response details if
no formats were provided, which is what happens when the field is
commented out.

So if no formats are specified, use the default of all.

Bug: #6420

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 0b6589d5c1bf45218bdc865aa2607514eb730cb8..cd3ccac29db889baffada92e96e9e8a317725eec 100644 (file)
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -512,15 +512,23 @@ static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
         if (dnslog_ctx->flags & LOG_ANSWERS) {
             ConfNode *format;
             if ((format = ConfNodeLookupChild(conf, "formats")) != NULL) {
-                dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
+                uint64_t flags = 0;
                 ConfNode *field;
                 TAILQ_FOREACH (field, &format->head, next) {
                     if (strcasecmp(field->val, "detailed") == 0) {
-                        dnslog_ctx->flags |= LOG_FORMAT_DETAILED;
+                        flags |= LOG_FORMAT_DETAILED;
                     } else if (strcasecmp(field->val, "grouped") == 0) {
-                        dnslog_ctx->flags |= LOG_FORMAT_GROUPED;
+                        flags |= LOG_FORMAT_GROUPED;
+                    } else {
+                        SCLogWarning("Invalid JSON DNS log format: %s", field->val);
                     }
                 }
+                if (flags) {
+                    dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
+                    dnslog_ctx->flags |= flags;
+                } else {
+                    SCLogWarning("Empty EVE DNS format array, using defaults");
+                }
             } else {
                 dnslog_ctx->flags |= LOG_FORMAT_ALL;
             }