Date format Suricata

manilx

@manilx P.S: The format used in the widget is fine!

bmeeks

I will see what I can do to make this a little more configurable. There are some limitations on the ALERTS tab with available column widths. That's the reason the two-digit year format was chosen. Space overall across the table is constrained by the way formatting is done in bootstrap.

Perhaps using the Dashboard Widget format as @manilx suggests is the best compromise. That will not cause a column width problem, and I really doubt anyone has an ALERTS tab showing alerts from a previous year except for maybe early in January of a new year.

bmeeks

Oops! Upon further reflection on this, using the Dashboard Widget data format with just the three-letter abbreviated month and then the day of the month will cause big-time sorting issues. When sorting the column contents the bootstrap code by default is going to use alphanumeric sorting, so "Apr" would come before "Mar", and that is incorrect in terms of ascending dates, for example.

Now I remember the main reason I made the switch to American format for the dates . It was so the bootstrap column sorting would work. Prior to pfSense migrating the GUI code to bootstrap, there was no table column sorting and so the displayed date format did not matter. Now, with table column sorting built into the GUI, the format of data does matter. When column sorting was first introduced, users were complaining because the default text sorting of the Alert Date column was not correct using anything other than YY-MM-DD for the date format.

I need to see if the current pfSense bootstrap environment includes the Moment.js component so that the format of the date field can be specified in the table column header field to control how bootstrap sorts the column.

I'm not giving up, but the task just got a little more complicated.

manilx

@bmeeks YY-MM-DD would be OK for all countries....

bmeeks

@manilx said in Date format Suricata:

@bmeeks YY-MM-DD would be OK for all countries....

The Moment.js module, when included in a Bootstrap environment, lets you specify the format of a date colum so that Bootstrap sorts it correctly.

The way Bootstrap sorting works is on the client itself. The server (pfSense in our case) spits out the entire HTML document to the browser which displays it. Embedded within the HTML are a series of Javascript functions for various Bootstrap things. One of those is the table sorting routine. When you click a colunn header to sort a column, it's not pfSense that does that. It is the Javascript code running within the browser. And that code needs to know what "format' of data it is sorting in the HTML tables.

fireodo

@bmeeks said in Date format Suricata:

I'm not giving up, but the task just got a little more complicated.

This is how pfblockerNG presents the alerts:

Could that be a clou?

manilx

@fireodo fine with that. Just the numeric MM-DD is SO weird for us europeans ;)

bmeeks

@fireodo said in Date format Suricata:

@bmeeks said in Date format Suricata:

I'm not giving up, but the task just got a little more complicated.

This is how pfblockerNG presents the alerts:

Could that be a clou?

If you change that column sort direction, does it work properly with dates that have "Apr" in them? The problem I was talking about only happens when you get the right combinations of alert dates. For example, if you had alerts from January through May, your sorting would be "off". If you sorted "Ascending" you expect January alerts to come first, then February, March, April, etc. But depending on how Bootstrap interprets the column it might sort with "April" alerts first, then February, etc., because it is looking at just the alphabetical ordering of the month. That's obviously wrong.

It's possible that either Moment.js or something siimilar is present with the Bootstrap environmnet on pfSense. To be honest I've just not kept up with the changes in Bootstrap as I have not needed to.

bmeeks

@manilx said in Date format Suricata:

@fireodo fine with that. Just the numeric MM-DD is SO weird for us europeans ;)

I undertand that. The European date format is also "weird" to Americans . Hopefully I can find a fully configurable answer.

fireodo

@bmeeks said in Date format Suricata:

For example, if you had alerts from January through May, your sorting would be "off".

You're right!