[Oisf-devel] Small patch to enable ISO8601 date format

Jim Hranicky jfh at ufl.edu
Mon Jan 18 15:54:38 UTC 2010


Victor Julien wrote:
> I agree Will. Another option could be to make the date string 
> configurable by just adding options for each field like hour, second, 
> day etc...

That would work, but it looks like the standard spec for month ('m')
is already taken for Thread module name. Not a show-stopper, but
that could make things kind of tricky.

Here's another patch that uses '%T' as an ISO8601-style timestamp.
When I compiled and ran suricata, it didn't go into effect until
I recompiled and changed the definition of SC_LOG_DEF_LOG_FORMAT:

   #define SC_LOG_DEF_LOG_FORMAT "[%i] %T - (%f:%l) <%d> (%n) -- "

It looks like the code currently isn't using the definition in the
YAML file (though of course I may be mistaken).

I'm going through the code now to find out where it should be set,
but if someone in the know wants to beat me to it, that's fine :-)

Jim

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: iso8601-T.patch
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20100118/c021de6c/attachment.ksh>
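To make the format-string idea in the message concrete, here is a small added example of what a `%T` specifier could expand to. This is illustration code written for this page, not Jim's attached patch and not Suricata's own logging code; the specifier set (`%T`, `%i`, `%n`, `%%`), the sample pid and thread-module name, and the helper names are assumptions made for the example. The timestamp is rendered in UTC via `gmtime_r` so the output is reproducible whatever the host timezone.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Render an ISO8601-style UTC timestamp (YYYY-MM-DDTHH:MM:SS) for t into
 * buf. Returns the number of characters written, or 0 on failure. */
size_t iso8601_utc(time_t t, char *buf, size_t len)
{
    struct tm tm;
    if (gmtime_r(&t, &tm) == NULL)
        return 0;
    return strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
}

/* Expand a log-prefix format string. Hypothetical specifiers for this example:
 *   %T  ISO8601 UTC timestamp      %i  process id
 *   %n  thread/module name         %%  literal percent
 * Unknown specifiers are copied through verbatim so a typo in the format
 * string shows up in the log instead of vanishing. Returns 0 on success,
 * -1 if the expansion would not fit in out (output is never truncated
 * silently). */
int expand_log_prefix(const char *fmt, time_t now, int pid, const char *name,
                      char *out, size_t outlen)
{
    size_t pos = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        char piece[64];
        const char *src = piece;
        if (*p != '%') {
            piece[0] = *p; piece[1] = '\0';
        } else {
            p++;
            switch (*p) {
            case 'T':
                if (iso8601_utc(now, piece, sizeof piece) == 0) return -1;
                break;
            case 'i':
                snprintf(piece, sizeof piece, "%d", pid);
                break;
            case 'n':
                src = name;
                break;
            case '%':
                piece[0] = '%'; piece[1] = '\0';
                break;
            case '\0':
                /* Lone trailing '%': emit it and let the loop terminate. */
                piece[0] = '%'; piece[1] = '\0';
                p--;
                break;
            default:
                piece[0] = '%'; piece[1] = *p; piece[2] = '\0';
                break;
            }
        }
        size_t n = strlen(src);
        if (pos + n >= outlen) return -1;
        memcpy(out + pos, src, n);
        pos += n;
    }
    out[pos] = '\0';
    return 0;
}

/* Convenience wrapper with constructed sample values (pid 1234, module
 * "ReceivePcap") for the demo and for testing. Returns NULL on failure.
 * Uses a static buffer, so each call overwrites the previous result. */
const char *render_prefix(const char *fmt, time_t t)
{
    static char buf[256];
    if (expand_log_prefix(fmt, t, 1234, "ReceivePcap", buf, sizeof buf) != 0)
        return NULL;
    return buf;
}

int main(void)
{
    /* 1263830078 is the message date, Mon Jan 18 15:54:38 UTC 2010. */
    const char *fmt = "[%i] %T - (%n) -- ";
    puts(render_prefix(fmt, (time_t)1263830078));
    return 0;
}
```

The `-1` on overflow is deliberate: a log-prefix routine that quietly truncates can drop the very field (timestamp, module) that an analyst later needs to correlate events, so the caller is told instead.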

