dns/eve: use default formats if formats is empty

If the configuration field "formats" is empty, DNS response records do
not have any relevant information other than that there was a
response, but not much about the response.

I'm pretty sure the intention here was to log the response details if
no formats were provided, which is what happens when the field is
commented out.

So if no formats are specified, use the default of all.

Bug: #6420
(cherry picked from commit a240a93b6931c94485d336cdc340e16929437a01)

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 6d376c631f63e3d76279d54c7dd57e50fe3d7bd5..3cfff270b759e19ea12d49f18670fc2d9437b5fc 100644 (file)
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -595,15 +595,25 @@ static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
             if (dnslog_ctx->flags & LOG_ANSWERS) {
                 ConfNode *format;
                 if ((format = ConfNodeLookupChild(conf, "formats")) != NULL) {
-                    dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
+                    uint64_t flags = 0;
                     ConfNode *field;
                     TAILQ_FOREACH(field, &format->head, next) {
                         if (strcasecmp(field->val, "detailed") == 0) {
-                            dnslog_ctx->flags |= LOG_FORMAT_DETAILED;
+                            flags |= LOG_FORMAT_DETAILED;
                         } else if (strcasecmp(field->val, "grouped") == 0) {
-                            dnslog_ctx->flags |= LOG_FORMAT_GROUPED;
+                            flags |= LOG_FORMAT_GROUPED;
+                        } else {
+                            SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Invalid JSON DNS log format: %s",
+                                    field->val);
                         }
                     }
+                    if (flags) {
+                        dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
+                        dnslog_ctx->flags |= flags;
+                    } else {
+                        SCLogWarning(SC_ERR_INVALID_ARGUMENT,
+                                "Empty EVE DNS format array, using defaults");
+                    }
                 } else {
                     dnslog_ctx->flags |= LOG_FORMAT_ALL;
                 }