[Oisf-devel] ssh json
Victor Julien
victor at inliniac.net
Wed Mar 5 13:31:28 UTC 2014
On 03/05/2014 05:21 AM, Tom DeCanio wrote:
> How about a yaml option that selects one or the other? Make everybody
> happy.
Good idea. I've opened a ticket for this:
https://redmine.openinfosecfoundation.org/issues/1123
Post 2.0 material. We're too close to the release.
If anyone is interested in picking up this ticket, please take it.
Cheers,
Victor
> Tom
>
>
> On Tue, Mar 4, 2014 at 6:03 PM, Victor Julien <victor at inliniac.net> wrote:
>
> On 03/04/2014 06:15 PM, Brian Rectanus wrote:
> > On Tue, Mar 4, 2014 at 8:28 AM, Victor Julien <victor at inliniac.net> wrote:
> >
> > On 03/04/2014 03:06 PM, Victor Julien wrote:
> > > On 03/02/2014 12:12 AM, Brian Rectanus wrote:
> > >> Use an iso timestamp. At least something sortable with yyyy-mm-dd.
> > >>
> > >> 2011-12-22T22:25:52.921841Z
> > >
> > > Any suggestions on how to generate this string? Was looking at strftime,
> > > but since it uses "struct tm" it seems to use a max precision of a second.
> > >
> > > I can of course easily generate the above string myself, however the ISO
> > > 8601 format seems to take into account timezones and all, and I don't want
> > > to implement all that logic manually.
> >
> > If I ignore that timezone stuff for now, this is an example of what it
> > would look like:
> >
> > {"time":"2014-02-07T17:15:28.972757Z",...
> >
> > Code:
> >
> > static void CreateTimeStringISO(struct timeval *tv, char *buffer, size_t buflen)
> > {
> >     char local_buf[64];
> >     time_t time = tv->tv_sec;
> >     struct tm local_tm;
> >     struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
> >
> >     strftime(local_buf, sizeof(local_buf), "%FT%T", t);
> >     snprintf(buffer, buflen, "%s.%06uZ", local_buf,
> >              (uint32_t)tv->tv_usec);
> > }
> >
> > Thoughts?
> >
> >
> > Yes, you could ignore timezone and use Z (UTC time, e.g., short for
> > -0000) if you use gm time vs local time.
>
> I can live with this. Lots of ppl don't really like UTC though. Thoughts
> anyone?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
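
Added example, not part of the original thread and not Suricata's code: a standalone C formatter for the microsecond ISO 8601 timestamp discussed above, in which the zone suffix always matches the broken-down time, so a local time is never labelled "Z" and log correlation across sensors stays correct. It goes beyond the quoted function by offering both a UTC mode and a local-time mode with a numeric offset; the name `iso8601_usec` and the `use_utc` flag are assumptions, standing in for whatever a configuration option might select.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <time.h>

/* Hypothetical helper (not Suricata's API): format tv as ISO 8601 with
 * microseconds. use_utc != 0 uses gmtime_r() and "Z"; otherwise
 * localtime_r() and a numeric "+hh:mm" offset taken from the same struct tm.
 * Returns the string length, or -1 on conversion error or truncation. */
int iso8601_usec(const struct timeval *tv, int use_utc, char *buf, size_t buflen)
{
    struct tm tm;
    char date[32];
    char zone[8] = "Z";
    time_t secs = tv->tv_sec;

    if (use_utc) {
        if (gmtime_r(&secs, &tm) == NULL)
            return -1;
    } else {
        char off[8];
        if (localtime_r(&secs, &tm) == NULL)
            return -1;
        /* %z yields "+hhmm"; the extended format wants "+hh:mm" */
        if (strftime(off, sizeof(off), "%z", &tm) != 5)
            return -1;
        snprintf(zone, sizeof(zone), "%.3s:%.2s", off, off + 3);
    }
    /* struct tm stops at seconds, so microseconds are appended by hand */
    if (strftime(date, sizeof(date), "%Y-%m-%dT%H:%M:%S", &tm) == 0)
        return -1;

    int n = snprintf(buf, buflen, "%s.%06ld%s", date, (long)tv->tv_usec, zone);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

int main(void)
{
    struct timeval now;
    char line[64];

    gettimeofday(&now, NULL);
    if (iso8601_usec(&now, 1, line, sizeof(line)) > 0)
        printf("{\"time\":\"%s\"}\n", line);   /* UTC form */
    if (iso8601_usec(&now, 0, line, sizeof(line)) > 0)
        printf("{\"time\":\"%s\"}\n", line);   /* local form with offset */
    return 0;
}
```

Both forms sort correctly only among themselves; a log that mixes offsets has to be normalised to UTC before lexical sorting.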