Suricata - MM/DD/YYYY Log Entry Formatting
-
I noticed that suricata.log entries are in the format DD/MM/YYYY.
But, all other logs are in the MM/DD/YYYY format.
Can suricata.log be changed to be consistent?
Thanks!
Suricata 1.4.6 pkg v1.0.1
-
The actual log entries in alerts.log, "no", not without customizing the code. I have been thinking about offering a customization for how dates are displayed on the ALERTS and BLOCKED tab, though. Would that work just as well?
I think Suricata defaults to that format internally because the primary developers are in Europe.
Bill
-
Not "alerts.log" …... "suricata.log". It uses a different date format from all the other logs.
suricata.log
3/5/2014 -- 14:37:21
To match the other logs that should be 5/3/2014, or more specifically 05/03/2014. Today being 5/5, it's a bad day to compare the different formats! ;D
alerts.log
05/01/2014-02:38:47.669925
http.log
05/03/2014-17:40:37.873931
tls.log
05/02/2014-07:39:35.069581
-
Oh…sorry, I understand now. I will look again in the config docs, but I don't think there is any way to change that outside of editing the actual binary source code. I can see how much of an issue that would be and perhaps sneak it into the next release when I upgrade to 2.0.
Bill
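Added example, not part of the thread and not Suricata or package code: until the format is made consistent, anyone correlating suricata.log with the other logs has to parse each file with its own day/month order. The sketch below does that for the four timestamps quoted above and flags dates that would silently parse under the wrong order. The function names are hypothetical, and it assumes all four files are written in the same time zone.

```python
import re
from datetime import datetime

# Layouts as reported in the thread: suricata.log is day/month/year with a
# " -- " separator; alerts.log, http.log and tls.log are month/day/year with
# "-" and microseconds.
_MDY = (re.compile(r"^\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6}"),
        "%m/%d/%Y-%H:%M:%S.%f")
LAYOUTS = {
    "suricata.log": (re.compile(r"^\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2}"),
                     "%d/%m/%Y -- %H:%M:%S"),
    "alerts.log": _MDY,
    "http.log": _MDY,
    "tls.log": _MDY,
}

def parse_ts(source, line):
    """Parse the timestamp at the start of line using the layout for source."""
    pattern, fmt = LAYOUTS[source]  # unknown file raises KeyError: never guess the order
    m = pattern.match(line)
    if m is None:
        raise ValueError(f"{source}: no timestamp at start of {line!r}")
    return datetime.strptime(m.group(0), fmt)

def is_ambiguous(dt):
    """True when swapping day and month would give a different valid date."""
    return dt.day <= 12 and dt.day != dt.month

def timeline(entries):
    """Sort (source, line) pairs by time; return (ISO 8601 time, source) pairs."""
    parsed = sorted((parse_ts(src, line), src) for src, line in entries)
    return [(dt.isoformat(), src) for dt, src in parsed]

# Constructed input: the four timestamps quoted in the thread.
SAMPLE = [
    ("suricata.log", "3/5/2014 -- 14:37:21"),
    ("alerts.log", "05/01/2014-02:38:47.669925"),
    ("http.log", "05/03/2014-17:40:37.873931"),
    ("tls.log", "05/02/2014-07:39:35.069581"),
]

if __name__ == "__main__":
    for iso, src in timeline(SAMPLE):
        print(iso, src)
```

Read with the wrong order, the suricata.log entry would land on March 5 instead of May 3 without raising any parse error, which is why the layout is keyed on the file name rather than inferred from the value.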