Suricata - MM/DD/YYYY Log Entry Formatting



  • I noticed that suricata.log entries are in the format DD/MM/YYYY.

    But, all other logs are in the MM/DD/YYYY format.

    Can suricata.log be changed to be consistent?

    Thanks!

    Suricata 1.4.6 pkg v1.0.1



  • @priller:

    I noticed that suricata.log entries are in the format DD/MM/YYYY.

    But, all other logs are in the MM/DD/YYYY format.

    Can suricata.log be changed to be consistent?

    Thanks!

    Suricata 1.4.6 pkg v1.0.1

    The actual log entries in alerts.log, "no", not without customizing the code.  I have been thinking about offering a customization for how dates are displayed on the ALERTS and BLOCKED tab, though.  Would that work just as well?

    I think Suricata defaults to that format internally because the primary developers are in Europe.

    Bill



  • Not "alerts.log" … "suricata.log".  It uses a different date format from all the other logs.

    suricata.log

    3/5/2014 -- 14:37:21 
    

    To match the other logs that should be 5/3/2014, or more specifically 05/03/2014 .  Today being 5/5, it's a bad day to compare the different formats!  ;D

    alerts.log

    05/01/2014-02:38:47.669925
    

    http.log

    05/03/2014-17:40:37.873931 
    

    tls.log

    05/02/2014-07:39:35.069581 
    


  • @priller:

    Not "alerts.log" … "suricata.log".  It uses a different date format from all the other logs.

    suricata.log

    3/5/2014 -- 14:37:21 
    

    To match the other logs that should be 5/3/2014, or more specifically 05/03/2014 .  Today being 5/5, it's a bad day to compare the different formats!  ;D

    alerts.log

    05/01/2014-02:38:47.669925
    

    http.log

    05/03/2014-17:40:37.873931 
    

    tls.log

    05/02/2014-07:39:35.069581 
    

    Oh…sorry, I understand now.  I will look again in the config docs, but I don't think there is any way to change that outside of editing the actual binary source code.  I can see how much of an issue that would be and perhaps sneak it into the next release when I upgrade to 2.0.

    Bill
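
When the two formats have to be correlated as they are, the timestamps can be normalized at read time. The sketch below is an added example, not part of the thread and not Suricata or package code: it parses the day-first suricata.log stamp and the month-first stamp of the other logs into one sortable timeline. The function names are hypothetical, and the message text after each timestamp is constructed; only the timestamps come from the posts above.

```python
import re
from datetime import datetime

# suricata.log: D/M/YYYY -- HH:MM:SS (day first, no zero padding)
ENGINE_RE = re.compile(r"^(\d{1,2})/(\d{1,2})/(\d{4}) -- (\d{2}):(\d{2}):(\d{2})")
# alerts.log, http.log, tls.log: MM/DD/YYYY-HH:MM:SS.ffffff (month first)
EVENT_RE = re.compile(r"^(\d{2})/(\d{2})/(\d{4})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})")

def parse_timestamp(line, source):
    """Return a datetime for the leading timestamp of `line`, or None.

    `source` (the log file name) decides the field order, because a
    value like 3/5/2014 cannot be disambiguated from the text alone.
    """
    if source == "suricata.log":
        m = ENGINE_RE.match(line)
        if not m:
            return None
        day, month, year, hh, mm, ss = map(int, m.groups())
        usec = 0
    else:
        m = EVENT_RE.match(line)
        if not m:
            return None
        month, day, year, hh, mm, ss, usec = map(int, m.groups())
    try:
        return datetime(year, month, day, hh, mm, ss, usec)
    except ValueError:  # e.g. month 13 when a line is fed with the wrong source
        return None

def merge_timeline(entries):
    """entries: iterable of (source, line). Returns sorted (iso, source, line)."""
    out = []
    for source, line in entries:
        ts = parse_timestamp(line, source)
        if ts is not None:
            out.append((ts.isoformat(timespec="microseconds"), source, line))
    return sorted(out)

# Timestamps are the ones quoted in the thread; the text after them is constructed.
SAMPLE = [
    ("suricata.log", "3/5/2014 -- 14:37:21 - <Info> - constructed message"),
    ("alerts.log", "05/01/2014-02:38:47.669925 constructed alert"),
    ("http.log", "05/03/2014-17:40:37.873931 constructed request"),
    ("tls.log", "05/02/2014-07:39:35.069581 constructed handshake"),
]

if __name__ == "__main__":
    for iso, source, _ in merge_timeline(SAMPLE):
        print(iso, source)
```

Lines whose fields do not form a valid date for the stated source are dropped rather than guessed, so a mislabelled file shows up as missing entries instead of silently shifted ones.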