From: Jason Ish Date: Fri, 12 Jul 2024 20:50:34 +0000 (-0600) Subject: eve/dns: make version required X-Git-Tag: suricata-7.0.7~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03844b4291d611f74cfe7f4aed645ae35b9571e5;p=thirdparty%2Fsuricata.git eve/dns: make version required The "eve.version" field is not always logged. Update the schema to enforce that it is, and fix it for records that don't log it. Ticket: #7167 (cherry picked from commit fcc1b1067b5e4c3b9b063ab90fa073de57577968)
---
diff --git a/etc/schema.json b/etc/schema.json
index 531a09afd8..24b302e880 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -961,6 +961,9 @@
 },
 "dns": {
 "type": "object",
+ "required": [
+ "version"
+ ],
 "properties": {
 "aa": {
 "type": "boolean"
@@ -996,6 +999,7 @@
 "type": "string"
 },
 "version": {
+ "description": "The version of this EVE DNS event",
 "type": "integer"
 },
 "opcode": {
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 072e54b616..bb3e370c4d 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -230,6 +230,7 @@ static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
 dns_state, tx_id);
 if (txptr) {
 jb_open_object(js, "dns");
+ jb_set_int(js, "version", 2);
 JsonBuilder *qjs = JsonDNSLogQuery(txptr);
 if (qjs != NULL) {
 jb_set_object(js, "query", qjs);
diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 020e27853a..773091ca89 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -323,6 +323,7 @@ static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
 }
 jb_open_object(jb, "dns");
+ jb_set_int(jb, "version", 2);
 if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
 jb_free(jb);
 break;
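Review bot: The DNS record version is written as a bare literal in two separate files, `jb_set_int(js, "version", 2);` in AlertJsonDns (src/output-json-alert.c) and `jb_set_int(jb, "version", 2);` in JsonDnsLoggerToServer (src/output-json-dns.c), so a later format change has to find and update both by hand. If the tree does not already have a shared constant for this, one named definition in a header both files include, for example `#define DNS_LOG_VERSION 2` (name constructed for illustration) used as `jb_set_int(js, "version", DNS_LOG_VERSION);`, would keep the two emitters in step. Log consumers that choose a parser or detection mapping from `dns.version` depend on that value being the same for alert-embedded and standalone DNS records. Both function bodies start and end outside their hunks, so whether every other emitter of a `dns` object now satisfies the new `required` constraint cannot be confirmed from this page.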