Date format Suricata
-
@nollipfsense I can't find a setting nowhere to define date/time format.....
-
@manilx Never set mine however, here showing the format you seek...
-
@nollipfsense Same format here in that screen! But in the log it's "wrong"
-
@manilx The image above (previous edited post( shows two different formats...
-
Same here. It's something the developer can fix. It's minor but.....
-
@manilx NTP log, Status > System logs > NTP shows what you want...MM/DD
-
@nollipfsense Yes but this is the alert view I have issues with.
-
@manilx You may have to live with it for a while...there wont be any priority to change anytime soon.
-
@nollipfsense yeah
-
I changed this quite some back because all the American users were complaining about the native Suricata format. Because the Suricata development team resides in The Netherlands, the native logging output is in European format. The American users hated it, mainly because Snort logged in US format as well and they were accustomed to that. So, I changed the formatting of the alerts log output to the current date form (Month / Day / Year).
It is something that can be changed by a few edits to the PHP code in the
/usr/local/www/suricata/suricata_alerts.phpfile. Making this some sort of global setting is a bit more work. -
@bmeeks There should be a simple option!
I hate the actual format as well....
Give me the details on the edit in the meantime pls. -
@bmeeks said in Date format Suricata:
I changed this quite some back because all the American users were complaining
@manilx said in Date format Suricata:
There should be a simple option!
Imo there is no simple solution. Options
-
Chose a common format -> some users will be happy, those that don't use the chosen format will be annoyed.
-
Choose a format no one uses but all recognise (eg ISO YYYY-MM-DD which I like as a text sort is chronological).
-
Implement number and date localisation in pfsense.
-
Implement number and date localisation in Suricate
So with lots of work there are general solutions but probably better tasks to spend that programming effort on.
-
-
@patch Would be happy with yyyy-mm-ddd. The US mm-dd is what I really do hate!
Yes and it is minor. But as the others have complained and you "had to change" I'm at least at the same spot ;)
-
@manilx P.S: The format used in the widget is fine!
-
I will see what I can do to make this a little more configurable. There are some limitations on the ALERTS tab with available column widths. That's the reason the two-digit year format was chosen. Space overall across the table is constrained by the way formatting is done in bootstrap.
Perhaps using the Dashboard Widget format as @manilx suggests is the best compromise. That will not cause a column width problem, and I really doubt anyone has an ALERTS tab showing alerts from a previous year except for maybe early in January of a new year.
-
Oops! Upon further reflection on this, using the Dashboard Widget data format with just the three-letter abbreviated month and then the day of the month will cause big-time sorting issues. When sorting the column contents the bootstrap code by default is going to use alphanumeric sorting, so "Apr" would come before "Mar", and that is incorrect in terms of ascending dates, for example.
Now I remember the main reason I made the switch to American format for the dates
. It was so the bootstrap column sorting would work. Prior to pfSense migrating the GUI code to bootstrap, there was no table column sorting and so the displayed date format did not matter. Now, with table column sorting built into the GUI, the format of data does matter. When column sorting was first introduced, users were complaining because the default text sorting of the Alert Date column was not correct using anything other than YY-MM-DD for the date format.I need to see if the current pfSense bootstrap environment includes the
Moment.jscomponent so that the format of the date field can be specified in the table column header field to control how bootstrap sorts the column.I'm not giving up, but the task just got a little more complicated.
-
@bmeeks YY-MM-DD would be OK for all countries....
-
@manilx said in Date format Suricata:
@bmeeks YY-MM-DD would be OK for all countries....
The
Moment.jsmodule, when included in a Bootstrap environment, lets you specify the format of a date colum so that Bootstrap sorts it correctly.The way Bootstrap sorting works is on the client itself. The server (pfSense in our case) spits out the entire HTML document to the browser which displays it. Embedded within the HTML are a series of Javascript functions for various Bootstrap things. One of those is the table sorting routine. When you click a colunn header to sort a column, it's not pfSense that does that. It is the Javascript code running within the browser. And that code needs to know what "format' of data it is sorting in the HTML tables.
-
@bmeeks said in Date format Suricata:
I'm not giving up, but the task just got a little more complicated.
This is how pfblockerNG presents the alerts:
Could that be a clou?
Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
pfsense 2.7.2 CE
Packages: Apcupsd Cron Iftop Iperf LCDproc Nmap pfBlockerNG RRD_Summary Shellcmd Snort Speedtest System_Patches. -
@fireodo fine with that. Just the numeric MM-DD is SO weird for us europeans ;)
Netgate 8200max
