Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change log timestamp to ISO8601 w/ timezone #518

Merged
merged 4 commits into from
Apr 9, 2019
Merged

Change log timestamp to ISO8601 w/ timezone #518

merged 4 commits into from
Apr 9, 2019

Conversation

mstemm
Copy link
Contributor

@mstemm mstemm commented Feb 7, 2019

This prevents ambiguity when, say, running falco in a container, which
may have a different /etc/localtime than the host system.

@daixiang0
Copy link
Contributor

Fix #527

@mstemm mstemm force-pushed the change-log-timestamp-iso-8601 branch 2 times, most recently from 82acafb to d53191d Compare February 13, 2019 18:28
@mfdii
Copy link
Member

mfdii commented Mar 5, 2019

@lorenzo-david can you review for @mstemm

@mstemm
Copy link
Contributor Author

mstemm commented Mar 5, 2019

Actually, this still requires some work before it's ready to review.

@mstemm mstemm force-pushed the change-log-timestamp-iso-8601 branch 2 times, most recently from 92d6be8 to ab4d552 Compare April 5, 2019 21:15
@mstemm
Add option to display times in ISO 8601 UTC
3e9e468 
ISO 8601 time is useful when, say, running falco in a container, which
may have a different /etc/localtime than the host system.

A new config option time_format_iso_8601 controls whether log message
and event times are displayed in ISO 8601 in UTC or in local time. The
default is false (display times in local time).

This option is passed to logger init as well as outputs. For outputs it
eventually changes the time format field from %evt.time/%jevt.time to
%evt.time.iso8601/%jevt.time.iso8601.

Adding this field changes the falco engine version so increment it.

This depends on draios/sysdig#1317.
@mstemm
Unit test for ISO 8601 output
9ed7319 
A unit test for ISO 8601 output ensures that both the log and event time
is in ISO 8601 format.
@mstemm
Use ISO 8601 output by default in containers
c4bc599 
Now that we have an option that controls iso 8601 output, use it by
default in containers. We do this by changing the value of
time_format_iso_8601 in falco.yaml in the container.
@mstemm mstemm force-pushed the change-log-timestamp-iso-8601 branch from 04d0da8 to c4bc599 Compare April 5, 2019 21:25
lorenzo-david
lorenzo-david approved these changes Apr 5, 2019
View reviewed changes
Copy link
Contributor

@lorenzo-david lorenzo-david left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

userspace/falco/logger.cpp Outdated Show resolved Hide resolved
lorenzo-david
lorenzo-david approved these changes Apr 5, 2019
View reviewed changes
Copy link
Contributor

@lorenzo-david lorenzo-david left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

userspace/falco/logger.cpp Outdated Show resolved Hide resolved
@mstemm
Handle errors in strftime/asctime/gmtime
73af996 
A placeholder "N/A" is used in log messages instead.
@mfdii mfdii mentioned this pull request Apr 9, 2019
Closed
@mstemm mstemm merged commit e26a950 into dev Apr 9, 2019
@mstemm mstemm deleted the change-log-timestamp-iso-8601 branch April 9, 2019 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lorenzo-david lorenzo-david lorenzo-david approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mstemm @daixiang0 @mfdii @lorenzo-david