From: Jason Ish <ish@unx.ca>
Date: Fri, 7 Dec 2018 15:26:31 +0000 (-0600)
Subject: dns json v2 (C) - log rrtype in response
X-Git-Tag: suricata-4.1.1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d03a5be118dd8545000262463152eef374e066cc;p=thirdparty%2Fsuricata.git

dns json v2 (C) - log rrtype in response

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2723
---

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index e70a7f2632..02dc438fb3 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -861,8 +861,8 @@ static json_t *BuildAnswer(DNSTransaction *tx, uint64_t tx_id, uint64_t flags,
     DNSCreateRcodeString(tx->rcode, rcode, sizeof(rcode));
     json_object_set_new(js, "rcode", json_string(rcode));
 
-    /* Log the query rrname. Mostly useful on error, but still
-     * useful. */
+    /* Log the query rrname and rrtype. Mostly useful on error, but
+     * still useful. */
     DNSQueryEntry *query = TAILQ_FIRST(&tx->query_list);
     if (query != NULL) {
         char *c;
@@ -872,6 +872,9 @@ static json_t *BuildAnswer(DNSTransaction *tx, uint64_t tx_id, uint64_t flags,
             json_object_set_new(js, "rrname", json_string(c));
             SCFree(c);
         }
+        char rrtype[16] = "";
+        DNSCreateTypeString(query->type, rrtype, sizeof(rrtype));
+        json_object_set_new(js, "rrtype", json_string(rrtype));
     }
 
     if (flags & LOG_FORMAT_DETAILED) {