Bug #1441: add timezone to timestamp in JSON logs #1437
Conversation
|
Maybe i saw wrong, but would it not be better if we follow ISO 8601 for the timestamps? Or even possibly allow for different timestamps to be configured? This would increase the ease for MSSP's to include and implement Suricata as a part of their IDS portfolio. (well a good MSSP would be able to handle a different timeformat, but hey, just generally speaking). |
|
@maxtors, it seemed to me that this format conforms to ISO-8601. It's possible to make timestamp format configurable, but is there any reason for that? Databases support this format without any problems, and most of log servers/collectors should do the same (especially if they support RFC-5424 - 'new' syslog protocol). @alessandro-guido changing timezone while suricata is running will cause a mess :) Actually, this code can be moved to CreateIsoTimeString() or called from it, but in this case it'll be better to support tm_gmtoff to avoid overhead. And if gm_gmtoff is not found, use 'legacy' style like proposed one (via ifdefs). In this case it also may be useful to have this feature togglable. |
|
Replaced with #1439 |
Fixed #1436 - now should work properly on FreeBSD too.