Heya Jim,<br><br>Thanks for the patch. I like the idea although I wonder if it might be cleaner to actually implement a log option similar to 't' and then maybe have a completely separate case for this in util-debug.c so something like "case SC_LOG_FMT_ISO8601_TIME" or something. This way it wouldn't have to be a compile time option, you could just change time formats at will. Opinions anybody?<br>
<br>Regards,<br><br>Will<br><br><div class="gmail_quote">On Sun, Jan 17, 2010 at 1:42 PM, Jim Hranicky <span dir="ltr"><<a href="mailto:jfh@ufl.edu">jfh@ufl.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Anyone interested in a patch that enables ISO 8601 date formatting<br>
for timestamps in suricata logs?<br>
<br>
Attached.<br>
<br>
----------------------------------------------------------------------<br><font color="#888888">
| Jim Hranicky, Security Engineer UF InfoSec Team |<br>
| E202 SSRB Phone (352) 392-2061 |<br>
| <a href="mailto:jfh@ufl.edu" target="_blank">jfh@ufl.edu</a> |<br>
----------------------------------------------------------------------<br>
</font><br>diff --git a/<a href="http://configure.in" target="_blank">configure.in</a> b/<a href="http://configure.in" target="_blank">configure.in</a><br>
index 4c612fd..2d775a3 100644<br>
--- a/<a href="http://configure.in" target="_blank">configure.in</a><br>
+++ b/<a href="http://configure.in" target="_blank">configure.in</a><br>
@@ -463,6 +463,15 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])<br>
CFLAGS="${CFLAGS} -DUNITTESTS"<br>
fi<br>
<br>
+# enable iso8601 format for timestamps<br>
+ AC_ARG_ENABLE(iso8601,<br>
+ [ --enable-iso8601 Enable compilation of the unit tests],<br>
+ [ enable_iso8601=yes<br>
+ ])<br>
+ if test "$enable_iso8601" = "yes"; then<br>
+ CFLAGS="${CFLAGS} -DISO8601"<br>
+ fi<br>
+<br>
# enable debug output<br>
AC_ARG_ENABLE(debug,<br>
[ --enable-debug Enable debug output],<br>
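Review bot: The help string on the --enable-iso8601 line reads "Enable compilation of the unit tests", which describes the unit tests rather than this option; it should say that it enables ISO 8601 timestamps in log output. In the same AC_ARG_ENABLE call, the action-if-given argument also runs when the user passes --disable-iso8601, so the unconditional enable_iso8601=yes turns the feature on even when it is explicitly disabled; assigning enable_iso8601=$enableval there would respect both forms.<br>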
diff --git a/src/util-debug.c b/src/util-debug.c<br>
index 53b387d..c07f2c1 100644<br>
--- a/src/util-debug.c<br>
+++ b/src/util-debug.c<br>
@@ -306,11 +306,19 @@ SCError SCLogMessage(SCLogLevel log_level, char **msg, const char *file,<br>
gettimeofday(&tval, NULL);<br>
tms = localtime(&tval.tv_sec);<br>
<br>
+#ifdef ISO8601<br>
+ cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - *msg),<br>
+ "%s%04d/%02d/%02d %02d:%02d:%02d",<br>
+ substr, tms->tm_year + 1900, tms->tm_mon + 1,<br>
+ tms->tm_mday, tms->tm_hour, tms->tm_min,<br>
+ tms->tm_sec);<br>
+#else<br>
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - *msg),<br>
"%s%d/%d/%04d -- %02d:%02d:%02d",<br>
substr, tms->tm_mday, tms->tm_mon + 1,<br>
tms->tm_year + 1900, tms->tm_hour, tms->tm_min,<br>
tms->tm_sec);<br>
+#endif<br>
if (cw < 0)<br>
goto error;<br>
temp += cw;<br>
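Review bot: The format string in the ISO8601 branch, "%s%04d/%02d/%02d %02d:%02d:%02d", puts the fields in year, month, day order but is still not an ISO 8601 timestamp: the standard separates the date fields with "-" and joins date and time with "T", so "%s%04d-%02d-%02dT%02d:%02d:%02d" would match the option's name. Because tms comes from localtime() and no UTC offset is printed, the value is also ambiguous across time zones and DST changes when these logs are correlated with other sources; consider appending the offset or formatting from gmtime() instead.<br>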
<br>_______________________________________________<br>
Oisf-devel mailing list<br>
<a href="mailto:Oisf-devel@openinfosecfoundation.org">Oisf-devel@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>
<br></blockquote></div><br>