<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br></div><div><br>On 2 mar 2014, at 00:28, Brian Rectanus <<a href="mailto:brectanu@gmail.com">brectanu@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div>On Saturday, March 1, 2014, Peter Manev <<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto"><div><br></div><div><br>On 2 mar 2014, at 00:12, Brian Rectanus <<a href="javascript:_e(%7B%7D,'cvml','brectanu@gmail.com');" target="_blank">brectanu@gmail.com</a>> wrote:<br><br></div>
<blockquote type="cite"><div>Use an iso timestamp. At least something sortable with yyyy-mm-dd. <div><br></div><div>2011-12-22T22:25:52.921841Z</div></div></blockquote><div><br></div><div>How is the JSON timestamp not sortable ?</div>
</div></blockquote><div><br></div><div> <font><span style="background-color:rgba(255,255,255,0)">It is just text in json, so the mm/dd/yyyy as a string is not sortable. (e.g., 01/22/2014 comes before 12/22/2011). Also, a format that sid not require escaping seems better. <span></span> </span></font></div></div></blockquote><div><br></div><div>Makes sense.</div><div>The part about the sid - what do you mean?</div><div><br></div><br><blockquote type="cite"><div>
<div><font><span style="background-color:rgba(255,255,255,0)"><br></span></font></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><br><blockquote type="cite">
<div><div><span></span><div><br>On Saturday, March 1, 2014, Victor Julien <<a href="javascript:_e(%7B%7D,'cvml','victor@inliniac.net');" target="_blank">victor@inliniac.net</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Any feedback on this format?<br>
<br>
{"time":"12\/22\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh","src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161","dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"libssh-0.1"},"server":{"proto_version":"2.0","software_version":"OpenSSH_4.7p1<br>
Debian-8ubuntu3"}}}<br>
<br>
--<br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
_______________________________________________<br>
Suricata IDS Devel mailing list: <a>oisf-devel@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Participate: <a href="http://suricata-ids.org/participate/" target="_blank">http://suricata-ids.org/participate/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>
Redmine: <a href="https://redmine.openinfosecfoundation.org/" target="_blank">https://redmine.openinfosecfoundation.org/</a><br>
</blockquote></div></div><br><br>-- <br>Brian Rectanus<br>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Suricata IDS Devel mailing list: <a href="javascript:_e(%7B%7D,'cvml','oisf-devel@openinfosecfoundation.org');" target="_blank">oisf-devel@openinfosecfoundation.org</a></span><br>
<span>Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Participate: <a href="http://suricata-ids.org/participate/" target="_blank">http://suricata-ids.org/participate/</a></span><br><span>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a></span><br>
<span>Redmine: <a href="https://redmine.openinfosecfoundation.org/" target="_blank">https://redmine.openinfosecfoundation.org/</a></span></div></blockquote></div></blockquote><br><br>-- <br>Brian Rectanus<br>
</div></blockquote></body></html>