Date format Suricata
-
Hi
Suricata doesn't respect European date format in the alerts list.
Time is 24h fine. But date is MM/DD/YYYY instead of DD/MM. Small change for us Europeans ;)
-
@manilx Are you using NTP and if so, did you select European time servers?
-
@nollipfsense
The time is correct!
-
@manilx Well, thought that would provide the correct format...it seems not...
-
@nollipfsense I can't find a setting anywhere to define date/time format.....
-
@manilx Never set mine however, here showing the format you seek...
-
@nollipfsense Same format here in that screen! But in the log it's "wrong"
-
@manilx The image above (previous edited post) shows two different formats...
-
Same here. It's something the developer can fix. It's minor but.....
-
@manilx NTP log, Status > System logs > NTP shows what you want...MM/DD
-
@nollipfsense Yes but this is the alert view I have issues with.
-
@manilx You may have to live with it for a while...there won't be any priority to change anytime soon.
-
@nollipfsense yeah
-
I changed this quite some time back because all the American users were complaining about the native Suricata format. Because the Suricata development team resides in The Netherlands, the native logging output is in European format. The American users hated it, mainly because Snort logged in US format as well and they were accustomed to that. So, I changed the formatting of the alerts log output to the current date form (Month / Day / Year).
It is something that can be changed by a few edits to the PHP code in the /usr/local/www/suricata/suricata_alerts.php file. Making this some sort of global setting is a bit more work.
-
@bmeeks There should be a simple option!
I hate the actual format as well....
Give me the details on the edit in the meantime pls.
-
@bmeeks said in Date format Suricata:
I changed this quite some time back because all the American users were complaining
@manilx said in Date format Suricata:
There should be a simple option!
Imo there is no simple solution. Options:
- Choose a common format -> some users will be happy, those that don't use the chosen format will be annoyed.
- Choose a format no one uses but all recognise (eg ISO YYYY-MM-DD which I like as a text sort is chronological).
- Implement number and date localisation in pfSense.
- Implement number and date localisation in Suricata.
So with lots of work there are general solutions but probably better tasks to spend that programming effort on.
-
-
@patch Would be happy with yyyy-mm-dd. The US mm-dd is what I really do hate!
Yes and it is minor. But as the others have complained and you "had to change" I'm at least at the same spot ;)
-
@manilx P.S: The format used in the widget is fine!
-
I will see what I can do to make this a little more configurable. There are some limitations on the ALERTS tab with available column widths. That's the reason the two-digit year format was chosen. Space overall across the table is constrained by the way formatting is done in bootstrap.
Perhaps using the Dashboard Widget format as @manilx suggests is the best compromise. That will not cause a column width problem, and I really doubt anyone has an ALERTS tab showing alerts from a previous year except for maybe early in January of a new year.
-
Oops! Upon further reflection on this, using the Dashboard Widget data format with just the three-letter abbreviated month and then the day of the month will cause big-time sorting issues. When sorting the column contents the bootstrap code by default is going to use alphanumeric sorting, so "Apr" would come before "Mar", and that is incorrect in terms of ascending dates, for example.
Now I remember the main reason I made the switch to American format for the dates. It was so the bootstrap column sorting would work. Prior to pfSense migrating the GUI code to bootstrap, there was no table column sorting and so the displayed date format did not matter. Now, with table column sorting built into the GUI, the format of data does matter. When column sorting was first introduced, users were complaining because the default text sorting of the Alert Date column was not correct using anything other than YY-MM-DD for the date format.
I need to see if the current pfSense bootstrap environment includes the Moment.js component so that the format of the date field can be specified in the table column header field to control how bootstrap sorts the column. I'm not giving up, but the task just got a little more complicated.
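-
Added example, not part of any post in this thread and not code from the pfSense Suricata package: it reproduces the column-sorting problem described in the last post by rendering constructed alert dates in the four formats mentioned in the thread and checking whether a plain text sort keeps them in chronological order. All names (`SAMPLE`, `FORMATS`, `textSortIsChronological`, `sortKey`, `sortByKey`) are hypothetical, and two-digit years are assumed to mean 20YY.

```javascript
// Constructed sample alert dates [year, month, day], in true chronological order.
const SAMPLE = [[2021, 12, 30], [2022, 1, 2], [2022, 3, 15], [2022, 4, 1], [2022, 4, 10]];
const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
const pad = (n) => String(n).padStart(2, "0");

// Display formats mentioned in the thread; each maps [year, month, day] to column text.
const FORMATS = {
  "MM/DD/YY": ([y, m, d]) => `${pad(m)}/${pad(d)}/${pad(y % 100)}`,
  "DD/MM/YY": ([y, m, d]) => `${pad(d)}/${pad(m)}/${pad(y % 100)}`,
  "Mon DD": ([, m, d]) => `${MONTHS[m - 1]} ${pad(d)}`,
  "YYYY-MM-DD": ([y, m, d]) => `${y}-${pad(m)}-${pad(d)}`,
};

// True when a plain text sort of the rendered column matches chronological order.
function textSortIsChronological(format, dates) {
  const rendered = dates.map(FORMATS[format]);
  const sorted = [...rendered].reverse().sort(); // default sort compares cells as strings
  return sorted.every((cell, i) => cell === rendered[i]);
}

// Format-aware sort key: rebuild YYYY-MM-DD from a slash-separated cell so that
// comparing keys as text is chronological. Assumption: two-digit years are 20YY.
function sortKey(format, cell) {
  const [a, b, yy] = cell.split("/");
  const [mm, dd] = format === "MM/DD/YY" ? [a, b] : [b, a];
  return `20${yy}-${mm}-${dd}`;
}

// Sort displayed cells by their key instead of by their display text.
function sortByKey(format, cells) {
  return [...cells].sort((x, y) => {
    const kx = sortKey(format, x), ky = sortKey(format, y);
    return kx < ky ? -1 : kx > ky ? 1 : 0;
  });
}

for (const format of Object.keys(FORMATS)) {
  console.log(format.padEnd(10),
    "| one year:", textSortIsChronological(format, SAMPLE.slice(1)),
    "| across new year:", textSortIsChronological(format, SAMPLE));
}
```

Sorting on a derived key keeps the displayed text free to follow whatever format the user prefers, which is the separation a format-aware column sorter provides.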