[Oisf-devel] ssh json

Victor Julien victor at inliniac.net
Mon Mar 3 08:54:41 UTC 2014


On 03/02/2014 07:06 PM, Peter Manev wrote:
> 
> 
>> On 2 mar 2014, at 16:48, Jason Ish <lists at unx.ca> wrote:
>>
>>> On Sat, Mar 1, 2014 at 5:12 PM, Brian Rectanus <brectanu at gmail.com> wrote:
>>> Use an iso timestamp. At least something sortable with yyyy-mm-dd.
>>>
>>> 2011-12-22T22:25:52.921841Z
>>>
>>>> On Saturday, March 1, 2014, Victor Julien <victor at inliniac.net> wrote:
>>>>
>>>> Any feedback on this format?
>>>>
>>>>
>>>> {"time":"12\/22\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh","src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161","dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"libssh-0.1"},"server":{"proto_version":"2.0","software_version":"OpenSSH_4.7p1 Debian-8ubuntu3"}}}
>>
>> Yeah, I agree with Brian here.  I find the ISO format a little easier
>> to read as well, perhaps no escaping.  And it seems to be a common
>> format for use with JSON.  I guess this comment applies to all the
>> json output, not just ssh.
> 
> 
> I agree as well.

Will this affect the way things are handled by logstash?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
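Added example for the thread above (editor's illustration, not Suricata's code and not code from anyone on the list): it rewrites the "MM/DD/YYYY-HH:MM:SS.ffffff" value in Victor's proposed ssh record to the ISO 8601 form Brian suggested, and checks which of the two forms still sorts chronologically when treated as a plain string, which is what Brian's "sortable" remark is about. The first sample record mirrors the one quoted in the thread; the second is constructed so the pair straddles a year boundary. The output key name "timestamp" and the assumption that the source time is UTC are this example's choices, not something the thread settled on.

```python
"""Added example (not Suricata's code, nor anyone's from the thread): convert the
"MM/DD/YYYY-HH:MM:SS.ffffff" timestamp in the proposed ssh JSON record to the
ISO 8601 form suggested on the list, and check which of the two forms sorts
chronologically when treated as a plain string."""
import json
from datetime import datetime, timezone

OLD_FMT = "%m/%d/%Y-%H:%M:%S.%f"        # the "12/22/2011-22:25:52.921841" form
ISO_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"       # the "2011-12-22T22:25:52.921841Z" form

# Constructed sample records in the format quoted in the thread. The first
# mirrors the record Victor posted; the second is made up so that the pair
# straddles a year boundary. The "\/" escapes are the ones Jason objected to.
SAMPLE_LINES = [
    '{"time":"12\\/22\\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh",'
    '"src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161",'
    '"dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0",'
    '"software_version":"libssh-0.1"},"server":{"proto_version":"2.0",'
    '"software_version":"OpenSSH_4.7p1 Debian-8ubuntu3"}}}',
    '{"time":"01\\/05\\/2012-03:14:15.000001","pcap_cnt":42,"event_type":"ssh",'
    '"src_ip":"10.0.0.5","src_port":22,"dest_ip":"10.0.0.9","dest_port":50001,'
    '"proto":"TCP","ssh":{"client":{"proto_version":"2.0",'
    '"software_version":"OpenSSH_6.0"},"server":{"proto_version":"2.0",'
    '"software_version":"OpenSSH_5.9p1"}}}',
]


def parse_old(ts: str) -> datetime:
    # The old form carries no zone; UTC is assumed here (an assumption of this example).
    return datetime.strptime(ts, OLD_FMT).replace(tzinfo=timezone.utc)


def parse_iso(ts: str) -> datetime:
    return datetime.strptime(ts, ISO_FMT).replace(tzinfo=timezone.utc)


def to_iso8601(ts: str) -> str:
    """'12/22/2011-22:25:52.921841' -> '2011-12-22T22:25:52.921841Z'."""
    return parse_old(ts).strftime(ISO_FMT)


def convert_event(line: str) -> dict:
    """Rewrite one JSON record: drop "time", add an ISO "timestamp" key.

    The key name "timestamp" is this example's choice, not the thread's.
    json.loads() already turns the backslash-slash escape into a plain "/".
    """
    ev = json.loads(line)
    ev["timestamp"] = to_iso8601(ev.pop("time"))
    return ev


def convert_lines(lines):
    """Serialize converted records compactly; json.dumps leaves "/" unescaped."""
    return [json.dumps(convert_event(l), separators=(",", ":")) for l in lines]


def string_sort_is_chronological(timestamps, parse) -> bool:
    """True when plain string sorting gives the same order as sorting by parsed datetime."""
    return sorted(timestamps) == sorted(timestamps, key=parse)


def demo() -> dict:
    old = [json.loads(l)["time"] for l in SAMPLE_LINES]
    new = [to_iso8601(t) for t in old]
    return {
        "old_sorts_correctly": string_sort_is_chronological(old, parse_old),
        "iso_sorts_correctly": string_sort_is_chronological(new, parse_iso),
        "converted": convert_lines(SAMPLE_LINES),
    }


if __name__ == "__main__":
    result = demo()
    print("MM/DD/YYYY string order is chronological:", result["old_sorts_correctly"])
    print("ISO 8601 string order is chronological:  ", result["iso_sorts_correctly"])
    for line in result["converted"]:
        print(line)
```

On Victor's logstash question: the `date` filter in logstash accepts the literal pattern `ISO8601` in its `match` setting, so a record in the ISO form needs no hand-written pattern on the consuming side, whereas the MM/DD/YYYY form would have to be matched with an explicit pattern.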