DNS processor does not work with Suricata integration

svatopluk · June 24, 2024, 12:54pm

Hello community,
I have a problem with dns processor. I am using Suricata integration and I need DNS reverse lookup, that's why I decided to use dns processor. I also created mapping for new fields. But this processor does not work. I have only empty fields without any error in logs and I don't know why? Please help me to fix it, thx.

Here is my written processor:

- dns:
   type: reverse
   action: replace
   transport: udp
   fields:
     suricata.eve.src_ip: source.hostname
     suricata.eve.dest_ip: destination.hostname
     source.ip: src.domain
     destination.ip: dest.domain
   nameservers: ['192.168.1.2']
   timeout: 500ms
   tag_on_failure: [_dns_reverse_lookup_failed]

Topic		Replies	Views
Elastic Agent, System Integration, Processors Kibana fleet	9	1101	July 27, 2022
Squid Logs Integration (Technical preview) ignores custom DNS processor when added under the integration's advanced configuration section Elastic Agent integrations	1	241	October 5, 2022
Using DNS processors in built in integration in Kibana Kibana integrations	1	403	April 25, 2022
Reverse dns lookup for elastic-agent Beats elastic-agent	4	820	March 12, 2022
Suricata Logs Not Received by Elastic Cloud Elastic Agent	1	159	June 9, 2023

DNS processor does not work with Suricata integration

Related topics