Netgate Discussion Forum

    Suricata - MM/DD/YYYY Log Entry Formatting

      priller

      I noticed that suricata.log entries are in the format DD/MM/YYYY.

      But, all other logs are in the MM/DD/YYYY format.

      Can suricata.log be changed to be consistent?

      Thanks!

      Suricata 1.4.6 pkg v1.0.1

        bmeeks

        @priller:

        I noticed that suricata.log entries are in the format DD/MM/YYYY.

        But, all other logs are in the MM/DD/YYYY format.

        Can suricata.log be changed to be consistent?

        Thanks!

        Suricata 1.4.6 pkg v1.0.1

        The actual log entries in alerts.log, "no", not without customizing the code.  I have been thinking about offering a customization for how dates are displayed on the ALERTS and BLOCKED tab, though.  Would that work just as well?

        I think Suricata defaults to that format internally because the primary developers are in Europe.

        Bill

          priller

          Not "alerts.log" … "suricata.log".  It uses a different date format from all the other logs.

          suricata.log

          3/5/2014 -- 14:37:21 
          

          To match the other logs that should be 5/3/2014, or more specifically 05/03/2014.  Today being 5/5, it's a bad day to compare the different formats!  ;D

          alerts.log

          05/01/2014-02:38:47.669925
          

          http.log

          05/03/2014-17:40:37.873931 
          

          tls.log

          05/02/2014-07:39:35.069581 
          
            bmeeks

            @priller:

            Not "alerts.log" … "suricata.log".  It uses a different date format from all the other logs.

            suricata.log

            3/5/2014 -- 14:37:21 
            

            To match the other logs that should be 5/3/2014, or more specifically 05/03/2014.  Today being 5/5, it's a bad day to compare the different formats!  ;D

            alerts.log

            05/01/2014-02:38:47.669925
            

            http.log

            05/03/2014-17:40:37.873931 
            

            tls.log

            05/02/2014-07:39:35.069581 
            

            Oh…sorry, I understand now.  I will look again in the config docs, but I don't think there is any way to change that outside of editing the actual binary source code.  I can see how much of an issue that would be and perhaps sneak it into the next release when I upgrade to 2.0.

            Bill
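
Added example (not from the thread and not part of the Suricata package): until the engine log format changes, the two timestamp layouts quoted above can be normalized to ISO 8601 when building a single timeline from several logs. The regular expressions are derived only from the samples in this thread; the text after each timestamp in the sample lines is constructed.

```python
import re
from datetime import datetime

# suricata.log (engine log): day/month/year, unpadded, " -- " before the time.
ENGINE_RE = re.compile(r"^(\d{1,2})/(\d{1,2})/(\d{4}) -- (\d{2}):(\d{2}):(\d{2})")
# alerts.log, http.log, tls.log: month/day/year, "-" before the time, microseconds.
EVENT_RE = re.compile(r"^(\d{2})/(\d{2})/(\d{4})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})")

def parse_timestamp(line):
    """Return a datetime for either layout, or None if the line matches neither."""
    try:
        m = EVENT_RE.match(line)
        if m:
            mo, d, y, h, mi, s, us = map(int, m.groups())
            return datetime(y, mo, d, h, mi, s, us)
        m = ENGINE_RE.match(line)
        if m:
            d, mo, y, h, mi, s = map(int, m.groups())  # note: day comes first here
            return datetime(y, mo, d, h, mi, s)
    except ValueError:
        pass  # digits matched but do not form a real date (e.g. month 13)
    return None

def merged_timeline(sources):
    """sources: {log name: [lines]} -> [(ISO 8601 time, log name, line)], oldest first."""
    rows = []
    for name, lines in sources.items():
        for line in lines:
            ts = parse_timestamp(line)
            if ts is not None:
                rows.append((ts, name, line))
    rows.sort(key=lambda r: r[0])
    return [(ts.isoformat(), name, line) for ts, name, line in rows]

# Timestamps are the ones quoted in the thread; the trailing text is constructed.
SAMPLE = {
    "suricata.log": ["3/5/2014 -- 14:37:21 - (constructed engine message)"],
    "alerts.log": ["05/01/2014-02:38:47.669925 (constructed alert text)"],
    "http.log": ["05/03/2014-17:40:37.873931 (constructed request line)"],
    "tls.log": ["05/02/2014-07:39:35.069581 (constructed TLS record)"],
}

if __name__ == "__main__":
    for iso, name, _ in merged_timeline(SAMPLE):
        print(iso, name)
```

Because the layout is chosen by separator (" -- " versus "-") rather than by guessing from the digits, a date such as 5/5 that reads the same either way is still attributed to the right log format.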
