Skip to content
/ Suricata-Passive-DNS Public

How to use Suricata (offline analysis) as Passive DNS records producer

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

srameko/Suricata-Passive-DNS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
scripts
scripts
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pdns.yaml
pdns.yaml
 
 

Repository files navigation

Suricata-Passive-DNS

How to use Suricata (offline analysis, PCAP) as Passive DNS records producer

How to setup Suricata as Passive DNS records

	wget https://github.com/srameko/Suricata-Passive-DNS/archive/master.zip
	cd /Suricata-Passive-DNS/
	cp pdns.yaml /etc/suricata/
	mkdir /etc/suricata/scripts
	cp pdns.lua /etc/suricata/scripts/

Tested on

Suricata 3.2.4@CentOS 7.4.1708 (rpm package)

Test

Don't forget to test your pdns config file suricata -c <path-to-pdns.yaml> -T

Log path

Default log path is /var/log/suricata/pdns.log

Passive DNS log format: TIMESTAMP TYPE RRNAME ADDR

Thanks

Thanks to Jason Ish and his Suricata Verification Tests Project (Lua Output DNS) which I used to edit and create this Project.

About

How to use Suricata (offline analysis) as Passive DNS records producer

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages