[Oisf-devel] ssh json

Brian Rectanus brectanu at gmail.com
Sat Mar 1 23:47:58 UTC 2014 

On Saturday, March 1, 2014, Peter Manev <petermanev at gmail.com> wrote:

>
>
> On 2 mar 2014, at 00:28, Brian Rectanus <brectanu at gmail.com<javascript:_e(%7B%7D,'cvml','brectanu at gmail.com');>>
> wrote:
>
> On Saturday, March 1, 2014, Peter Manev <petermanev at gmail.com<javascript:_e(%7B%7D,'cvml','petermanev at gmail.com');>>
> wrote:
>
>>
>>
>> On 2 mar 2014, at 00:12, Brian Rectanus <brectanu at gmail.com> wrote:
>>
>> Use an iso timestamp. At least something sortable with yyyy-mm-dd.
>>
>> 2011-12-22T22:25:52.921841Z
>>
>>
>> How is the JSON timestamp not sortable ?
>>
>
>  It is just text in json, so the mm/dd/yyyy as a string is not sortable.
> (e.g., 01/22/2014 comes before 12/22/2011). Also, a format that sid not
> require escaping seems better.
>
>
> Makes sense.
> The part about the sid - what do you mean?
>
>

Heh. s/sid/does/. The slashes have to be escaped from / to \/.



>
>
>
>>
>> On Saturday, March 1, 2014, Victor Julien <victor at inliniac.net> wrote:
>>
>>> Any feedback on this format?
>>>
>>>
>>> {"time":"12\/22\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh","src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161","dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"libssh-0.1"},"server":{"proto_version":"2.0","software_version":"OpenSSH_4.7p1
>>> Debian-8ubuntu3"}}}
>>>
>>> --
>>> ---------------------------------------------
>>> Victor Julien
>>> http://www.inliniac.net/
>>> PGP: http://www.inliniac.net/victorjulien.asc
>>> ---------------------------------------------
>>>
>>> _______________________________________________
>>> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Participate:
>>> http://suricata-ids.org/participate/
>>> List:
>>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>> Redmine: https://redmine.openinfosecfoundation.org/
>>>
>>
>>
>> --
>> Brian Rectanus
>>
>> _______________________________________________
>> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Participate:
>> http://suricata-ids.org/participate/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> Redmine: https://redmine.openinfosecfoundation.org/
>>
>>
>
> --
> Brian Rectanus
>
>

-- 
Brian Rectanus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20140301/ae03fea5/attachment-0002.html>

More information about the Oisf-devel mailing list