With the following config file I am capturing the entire MS DNS logs. This includes the DNS header info which I want to filter out. I need help figuring out what I can add that will allow me to filter out the DNS header information.
define TAP_Sender_IP XXX.XXX.XXX.XXX
define TAP_Sender_Port XXX
define ROOT C:\Program Files (x86)\nxlog
if ($raw_event =~ /^#/) OR ($raw_event == '') drop();\
Path DNS => Tap
This config removes the blank spaces between DNS entries but leaves the file header. I'm not sure what I need to change to prevent this from capturing the DNS header information.
Does anyone have any suggestions?
Thanks in advance
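
An added example, not part of the original post or of NXLog's own documentation: instead of listing what to drop, keep only lines that look like a packet entry, so the header text and blank lines fall out together. Assumptions: packet lines in the DNS debug log begin with a US-style date and time (M/D/YYYY H:MM:SS), header lines do not, and the `im_file` module and `File` path shown are placeholders for whatever the real Input block uses.

```conf
# Added example. The Input name "DNS" matches the "Path DNS => Tap" route
# from the post; the module and file path are placeholders (assumptions).
<Input DNS>
    Module  im_file
    File    'C:\Windows\System32\dns\dns.log'

    # Allowlist filter: a packet line starts with a date and time, e.g.
    #   6/5/2013 10:00:32 AM 0E70 PACKET ...   (constructed sample)
    # The file header ("DNS Server log file creation at ...", the
    # "Message logging key" field table) and empty separator lines do not
    # start this way, so they are dropped by the same test.
    # Adjust the pattern if the server's locale writes dates differently.
    Exec    if $raw_event !~ /^\d{1,2}\/\d{1,2}\/\d{4}\s+\d{1,2}:\d{2}:\d{2}/ drop();
</Input>
```

The `/^#/` test in the posted config does not match the header because those lines do not start with `#`; that is why only the blank lines were being removed.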