Issues with my DNS Filter

Greg.N · March 26, 2024, 7:48pm

Hello,

I’ve been asked to filter our DNS.log to exclude quite a bit of traffic based on the query. Being quite new to the scripting side of Zeek what I’ve attempted to do doesn’t appear to work with wildcards.
In the log entries I have domains ending .com/... with each octet ranging from 1-255, is there a way to filter them all in one string or does it have to be individual entries for each ip address?

Cheers for any assistance.

Vern · March 27, 2024, 6:53pm

If you can provide your script, this is likely easy to address, but without it I don’t have a fully clear picture of what you’ve tried / want to do.

Topic		Replies	Views
filtering out unwanted domains from bro dns.log Zeek	2	341	May 6, 2022
Not recording SOME dns lookups... Zeek	2	171	May 6, 2022
Filtering help Zeek	11	1001	May 6, 2022
DNS queries missing Zeek	1	352	July 18, 2023
Disable dns.log Zeek	7	204	May 6, 2022

Issues with my DNS Filter

Related Topics