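# Tallies DNS response codes (rcode) seen on the wire.
#
# Two sets of counters are kept:
#   * codeN / dnstot / uncat      - per log-rotation window; copied into every
#                                   dns.log record and reset when the log rotates.
#   * totalcodeN / totaldnstot /  - whole run; printed in bro_done().
#     totaluncat
#
# The closing summary prints the share of ServFail (2) and NXDomain (3)
# messages. A rising share is worth triaging: it can indicate resolver
# trouble, misconfiguration, or hosts looking up large numbers of
# non-existent names.
#
# NOTE(review): dns_message is handled without checking msg$QR, so queries
# (whose header rcode is 0) appear to be counted together with responses.
# That inflates code0 and dilutes the ServFail/NXDomain ratio - confirm
# whether only responses should be counted.
#
# NOTE(review): the DNS header RCODE is a 4-bit field, so the extended
# values 16-22 (carried via EDNS/TSIG) may never show up in msg$rcode -
# confirm against the analyzer before relying on those counters.

@load base/protocols/dns

# Per-rotation-window counters.
global code0: count = 0;
global code1: count = 0;
global code2: count = 0;
global code3: count = 0;
global code4: count = 0;
global code5: count = 0;
global code6: count = 0;
global code7: count = 0;
global code8: count = 0;
global code9: count = 0;
global code10: count = 0;
global code16: count = 0;
global code17: count = 0;
global code18: count = 0;
global code19: count = 0;
global code20: count = 0;
global code21: count = 0;
global code22: count = 0;
global dnstot: count = 0;
global uncat: count = 0;

# Whole-run counters (never reset).
global totalcode0: count = 0;
global totalcode1: count = 0;
global totalcode2: count = 0;
global totalcode3: count = 0;
global totalcode4: count = 0;
global totalcode5: count = 0;
global totalcode6: count = 0;
global totalcode7: count = 0;
global totalcode8: count = 0;
global totalcode9: count = 0;
global totalcode10: count = 0;
global totalcode16: count = 0;
global totalcode17: count = 0;
global totalcode18: count = 0;
global totalcode19: count = 0;
global totalcode20: count = 0;
global totalcode21: count = 0;
global totalcode22: count = 0;
global totaldnstot: count = 0;
global totaluncat: count = 0;

# Extra dns.log columns carrying the running per-window counters.
redef record DNS::Info += {
	code0: count &log &optional;
	code1: count &log &optional;
	code2: count &log &optional;
	code3: count &log &optional;
	code4: count &log &optional;
	code5: count &log &optional;
	code6: count &log &optional;
	code7: count &log &optional;
	code8: count &log &optional;
	code9: count &log &optional;
	code10: count &log &optional;
	code16: count &log &optional;
	code17: count &log &optional;
	code18: count &log &optional;
	code19: count &log &optional;
	code20: count &log &optional;
	code21: count &log &optional;
	code22: count &log &optional;
	total: count &log &optional;
	uncat: count &log &optional;
};

# Counts one DNS message by rcode and stamps the current window counters
# onto the connection's DNS log record.
event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count)
	{
	# rcode is a mandatory field of dns_msg, so the former
	# "if ( msg?$rcode ) ... else uncat" test could never reach its else
	# branch, and rcodes outside the listed set were counted nowhere.
	# Anything not listed now lands in uncat, so the per-code counters
	# plus uncat always add up to dnstot.
	if ( msg$rcode == 0 )
		{ code0 += 1; totalcode0 += 1; }
	else if ( msg$rcode == 1 )
		{ code1 += 1; totalcode1 += 1; }
	else if ( msg$rcode == 2 )
		{ code2 += 1; totalcode2 += 1; }
	else if ( msg$rcode == 3 )
		{ code3 += 1; totalcode3 += 1; }
	else if ( msg$rcode == 4 )
		{ code4 += 1; totalcode4 += 1; }
	else if ( msg$rcode == 5 )
		{ code5 += 1; totalcode5 += 1; }
	else if ( msg$rcode == 6 )
		{ code6 += 1; totalcode6 += 1; }
	else if ( msg$rcode == 7 )
		{ code7 += 1; totalcode7 += 1; }
	else if ( msg$rcode == 8 )
		{ code8 += 1; totalcode8 += 1; }
	else if ( msg$rcode == 9 )
		{ code9 += 1; totalcode9 += 1; }
	else if ( msg$rcode == 10 )
		{ code10 += 1; totalcode10 += 1; }
	else if ( msg$rcode == 16 )
		{ code16 += 1; totalcode16 += 1; }
	else if ( msg$rcode == 17 )
		{ code17 += 1; totalcode17 += 1; }
	else if ( msg$rcode == 18 )
		{ code18 += 1; totalcode18 += 1; }
	else if ( msg$rcode == 19 )
		{ code19 += 1; totalcode19 += 1; }
	else if ( msg$rcode == 20 )
		{ code20 += 1; totalcode20 += 1; }
	else if ( msg$rcode == 21 )
		{ code21 += 1; totalcode21 += 1; }
	else if ( msg$rcode == 22 )
		{ code22 += 1; totalcode22 += 1; }
	else
		{ uncat += 1; totaluncat += 1; }

	dnstot += 1;
	totaldnstot += 1;

	# c$dns is an optional field; writing through it while it is unset
	# raises a runtime error and aborts this handler. The counters above
	# are still updated in that case, only the log stamping is skipped.
	if ( ! c?$dns )
		return;

	c$dns$code0 = code0;
	c$dns$code1 = code1;
	c$dns$code2 = code2;
	c$dns$code3 = code3;
	c$dns$code4 = code4;
	c$dns$code5 = code5;
	c$dns$code6 = code6;
	c$dns$code7 = code7;
	c$dns$code8 = code8;
	c$dns$code9 = code9;
	c$dns$code10 = code10;
	c$dns$code16 = code16;
	c$dns$code17 = code17;
	c$dns$code18 = code18;
	c$dns$code19 = code19;
	c$dns$code20 = code20;
	c$dns$code21 = code21;
	c$dns$code22 = code22;
	c$dns$total = dnstot;
	c$dns$uncat = uncat;
	}

# Re-installs the default dns.log filter with a postprocessor that resets
# the per-window counters on each log rotation.
event bro_init()
	{
	local f = Log::get_filter(DNS::LOG, "default");

	# NOTE(review): a filter-level postprocessor replaces the writer's
	# default rotation postprocessor. Confirm rotated dns.log files are
	# still renamed/archived as expected; missing archives would leave a
	# gap in the DNS record available to incident response.
	f$postprocessor = function(info: Log::RotationInfo): bool
		{
		code0 = 0;
		code1 = 0;
		code2 = 0;
		code3 = 0;
		code4 = 0;
		code5 = 0;
		code6 = 0;
		code7 = 0;
		code8 = 0;
		code9 = 0;
		code10 = 0;
		code16 = 0;
		code17 = 0;
		code18 = 0;
		code19 = 0;
		code20 = 0;
		code21 = 0;
		code22 = 0;
		dnstot = 0;
		uncat = 0;
		return T;
		};

	Log::remove_filter(DNS::LOG, "default");
	Log::add_filter(DNS::LOG, f);
	}

# Prints the whole-run totals at shutdown.
event bro_done()
	{
	print "***********************************";
	print " DNS Results ";
	print "***********************************";
	print fmt("rcode = 0: %d", totalcode0);
	print fmt("rcode = 1: %d", totalcode1);
	print fmt("rcode = 2: %d", totalcode2);
	print fmt("rcode = 3: %d", totalcode3);
	print fmt("rcode = 4: %d", totalcode4);
	print fmt("rcode = 5: %d", totalcode5);
	print fmt("rcode = 6: %d", totalcode6);
	print fmt("rcode = 7: %d", totalcode7);
	print fmt("rcode = 8: %d", totalcode8);
	print fmt("rcode = 9: %d", totalcode9);
	print fmt("rcode = 10: %d", totalcode10);
	print fmt("rcode = 16: %d", totalcode16);
	print fmt("rcode = 17: %d", totalcode17);
	print fmt("rcode = 18: %d", totalcode18);
	print fmt("rcode = 19: %d", totalcode19);
	print fmt("rcode = 20: %d", totalcode20);
	print fmt("rcode = 21: %d", totalcode21);
	print fmt("rcode = 22: %d", totalcode22);
	print fmt("total dns: %d", totaldnstot);
	print fmt("total uncategorized: %d", totaluncat);

	# Guard the division: a run that saw no DNS traffic leaves
	# totaldnstot at 0. The printed value is a fraction in [0, 1]
	# despite the "percent" label, which is kept unchanged so existing
	# consumers of this output keep working.
	local servfail_nxdomain_share = 0.0;
	if ( totaldnstot > 0 )
		servfail_nxdomain_share = (totalcode2 + totalcode3 + 0.0) / totaldnstot;

	print fmt("percent ServFail and NXDomain: %f", servfail_nxdomain_share);
	}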