Suricata - MM/DD/YYYY Log Entry Formating

priller

I noticed that suricata.log entries are in the format DD/MM/YYYY.

But, all other logs are in the MM/DD/YYYY format.

Can suricata.log be changed to be consistent?

Thanks!

Suricata 1.4.6 pkg v1.0.1

bmeeks

@priller:

I noticed that suricata.log entries are in the format DD/MM/YYYY.

But, all other logs are in the MM/DD/YYYY format.

Can suricata.log be changed to be consistent?

Thanks!

Suricata 1.4.6 pkg v1.0.1

The actual log entries in alerts.log, "no", not without customizing the code.  I have been thinking about offering a customization for how dates are displayed on the ALERTS and BLOCKED tab, though.  Would that work just as well?

I think Suricata defaults to that format internally because the primary developers are in Europe.

Bill

priller

Not "alerts.log" …... "suricata.log".  It uses a different date format from all the other logs.

suricata.log

3/5/2014 -- 14:37:21 

To match the other logs that should be 5/3/2014, or more specifically 05/03/2014 .  Today being 5/5, it's a bad day to compare the different formats!  ;D

alerts.log

05/01/2014-02:38:47.669925

http.log

05/03/2014-17:40:37.873931 

tls.log

05/02/2014-07:39:35.069581 

bmeeks

@priller:

Not "alerts.log" …... "suricata.log".  It uses a different date format from all the other logs.

suricata.log

3/5/2014 -- 14:37:21 

To match the other logs that should be 5/3/2014, or more specifically 05/03/2014 .  Today being 5/5, it's a bad day to compare the different formats!  ;D

alerts.log

05/01/2014-02:38:47.669925

http.log

05/03/2014-17:40:37.873931 

tls.log

05/02/2014-07:39:35.069581 

Oh…sorry, I understand now.  I will look again in the config docs, but I don't think there is any way to change that outside of editing the actual binary source code.  I can see how much of an issue that would be and perhaps sneak it into the next release when I upgrade to 2.0.

Bill