eve/dns: make version required

The "eve.version" field is not always logged. Update the schema to enforce that it is, and fix it for records that don't log it. Ticket: OISF#7167 (cherry picked from commit fcc1b10)
jlucovsky · Jul 30, 2024 · fb3821e · fb3821e
1 parent ee9aad2
commit fb3821e
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/etc/schema.json b/etc/schema.json
@@ -961,6 +961,9 @@
         },
         "dns": {
             "type": "object",
+            "required": [
+                "version"
+            ],
             "properties": {
                 "aa": {
                     "type": "boolean"
@@ -996,6 +999,7 @@
                     "type": "string"
                 },
                 "version": {
+                    "description": "The version of this EVE DNS event",
                     "type": "integer"
                 },
                 "opcode": {

diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
@@ -480,7 +480,6 @@ fn dns_log_json_answer(
 ) -> Result<(), JsonError> {
     let header = &response.header;
 
-    js.set_uint("version", 2)?;
     js.set_string("type", "answer")?;
     js.set_uint("id", header.tx_id as u64)?;
     js.set_string("flags", format!("{:x}", header.flags).as_str())?;

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
@@ -323,6 +323,7 @@ static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
         }
 
         jb_open_object(jb, "dns");
+        jb_set_int(jb, "version", 2);
         if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
             jb_free(jb);
             break;
@@ -355,6 +356,7 @@ static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
         }
 
         jb_open_object(jb, "dns");
+        jb_set_int(jb, "version", 2);
         rs_dns_log_json_answer(txptr, td->dnslog_ctx->flags, jb);
         jb_close(jb);
         OutputJsonBuilderBuffer(jb, td->ctx);