Latency field value problem #11
Comments
|
I've managed to workaround this issue by disabling scientific notation in receiver.py : |
|
Can you switch to the DNScollector tool ? |
|
Hello @dmachard and thank you for the hint. I'll give it a try 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I use this piece of software to forward in JSON format the queries events to our SIEM product. But I noticed that for some packets, the latency field value is not quoted, so the JSON parsing is impossible in our SIEM.
Latency field value quoted :
{"dns_message": "CLIENT_RESPONSE", "socket_family": "IPv4", "socket protocol": "UDP", "from_address": "1.2.3.4", "to_address": "2.2.3.3", "query_time": "2024-02-22T13:19:29.186304+00:00", "response_time": "2024-02-22T13:19:29.363495+00:00", "latency": 0.177191, "query_type": "A", "query_name": "example.com.", "return_code": "SERVFAIL", "bytes": 31}And another one unquoted :
{"dns_message": "CLIENT_RESPONSE", "socket_family": "IPv4", "socket protocol": "UDP", "from_address": "1.2.3.4", "to_address": "2.2.3.3", "query_time": "2024-02-22T12:47:20.758735+00:00", "response_time": "2024-02-22T12:47:20.758832+00:00", "latency": 9.7e-05, "query_type": "A", "query_name": "good.fqdn.com.", "return_code": "NOERROR", "bytes": 90}Could you look into this issue please ?
Best regards.
EDIT : both values are unquoted as they are considered as integers I think. But the format with the exponent inside is not recognized by our logs receivers as a valid value.
The text was updated successfully, but these errors were encountered: