Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logging: add ISO-like timestamp option - v1 #8317

Closed
wants to merge 4 commits into from
Closed

logging: add ISO-like timestamp option - v1 #8317

wants to merge 4 commits into from

Conversation

jasonish
Copy link
Member

Add a new log format specifier %z to use a more ISO-like timestamp format YYYY-MM-DD HH:MM:SS that is more commonly used in logs these days.

  • Make this the default in the file log option.

Ticket: https://redmine.openinfosecfoundation.org/issues/5764

@jasonish
logging: add new date format: YYYY-MM-DD HH:MM:SS
d43fed3 
Adds a new logging format character, %z that uses a more standard time
format of "YYYY-MM-DD HH:MM:SS".

Ticket OISF#5764
@jasonish
suricata.yaml: update default-log-format current state
cd1bc69 
The default-log-format has changed, reflect this in the suricata.yaml.
@jasonish
logging: use ISO-like timestamp in file log
38bb3fd 
Also update suricata.yaml to show this default, as updating the
"default-log-format" does not affect the file output.
@jasonish
doc/userguide: update logging section for time formats
d628b06 
- Update fragment of configuration file to match suricata.yaml with
  new default-log-format.
- Document new %z format specifier.
jasonish
jasonish commented Dec 22, 2022
View reviewed changes
src/util-debug.c
Comment on lines -387 to +388
while ( (temp_fmt = strchr(temp_fmt, SC_LOG_FMT_PREFIX)) ) {
while ((temp_fmt = strchr(temp_fmt, SC_LOG_FMT_PREFIX))) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-format

jasonish
jasonish commented Dec 22, 2022
View reviewed changes
src/util-debug.c
Comment on lines -591 to +608
}
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-format

@codecov
Copy link

codecov bot commented Dec 22, 2022

Codecov Report

Merging #8317 (d628b06) into master (21edf13) will increase coverage by 0.06%.
The diff coverage is 78.94%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8317      +/-   ##
==========================================
+ Coverage   81.83%   81.89%   +0.06%     
==========================================
  Files         963      963              
  Lines      277131   277310     +179     
==========================================
+ Hits       226791   227108     +317     
+ Misses      50340    50202     -138
Flag Coverage Δ
fuzzcorpus 64.05% <10.52%> (+0.22%) ⬆️
suricata-verify 59.66% <78.94%> (+0.02%) ⬆️
unittests 63.50% <10.52%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information:

field baseline test %
TREX_GENERIC_stats_chk
.capture.kernel_drops 0 51883 0.01

Pipeline 11284

jufajardini
jufajardini reviewed Jan 6, 2023
View reviewed changes
doc/userguide/configuration/suricata-yaml.rst
Comment on lines -1853 to 1861
t: Time, timestamp, time and date
example: 15/10/2010 - -11:40:07
z: ISO-like formatted timestamp: YYYY-MM-DD HH:MM:SS
t: Original Suricata log timestamp: DD/MM/YYYY -- HH:MM::SS
p: Process ID. Suricata's whole processing consists of multiple threads.
i: Thread ID. ID of individual threads.
m: Thread module name. (Outputs, Detect etc.)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the recent changes by Victor, I think that this section is missing a few options (D, M, S, T, from what I can see).

jufajardini
jufajardini reviewed Jan 6, 2023
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Documentation-wise looks good - although it made me realize we are missing explaining a few of the format options - left a comment inline. Case this PR is ready to merge, I can submit one to fix that bit up.

@victorjulien victorjulien mentioned this pull request Jan 10, 2023
Merged
@victorjulien
Copy link
Member

Merged in #8360, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini jufajardini left review comments

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
4 participants
@jasonish @suricata-qa @victorjulien @jufajardini