##! This script adds the query with its original letter casing
##! to the DNS log.
@load base/protocols/dns/main
module DNS;

export {
	redef record Info += {
		## The DNS query name with the letter casing of the original
		## request preserved. Written to the DNS log when present.
		# NOTE(review): the value is copied from the request as-is, so it
		# is sender-controlled; log consumers should treat it as untrusted
		# text. Preserved casing is useful when the case pattern itself is
		# the signal an analyst is looking for.
		original_query: string &log &optional;
	};
}
# Records the case-preserved query name on the connection's DNS::Info record.
#
# c: connection the request was seen on.
# original_query: query name as passed by the event, with original casing.
# msg, query, qtype, qclass: unused by this handler.
event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count, original_query: string)
	{
	# Nothing to annotate when the connection carries no DNS::Info record.
	# NOTE(review): presumably c$dns is populated by the dns_request handler
	# in base/protocols/dns/main before this one runs; confirm handler priority.
	if ( ! c?$dns )
		return;

	# First writer wins: an already-recorded value is never overwritten.
	if ( c$dns?$original_query )
		return;

	c$dns$original_query = original_query;
	}