[Oisf-devel] Small patch to enable ISO8601 date format

Will Metcalf william.metcalf at gmail.com
Mon Jan 18 02:47:46 UTC 2010 

Heya Jim,

Thanks for the patch.  I like the idea although I wonder if it might be
cleaner to actually implement a log option similar to 't' and then maybe
have a completely separate case for this in util-debug.c so something like
"case SC_LOG_FMT_ISO8601_TIME" or something.  This way it wouldn't have to
be a compile time option, you could just change time formats at will.
Opinions anybody?

Regards,

Will

On Sun, Jan 17, 2010 at 1:42 PM, Jim Hranicky <jfh at ufl.edu> wrote:

> Anyone interested in a patch that enables ISO 8601 date formatting
> for timestamps in suricata logs?
>
> Attached.
>
> ----------------------------------------------------------------------
> | Jim Hranicky, Security Engineer                    UF InfoSec Team |
> | E202 SSRB                                     Phone (352) 392-2061 |
> |                              jfh at ufl.edu                           |
> ----------------------------------------------------------------------
>
> diff --git a/configure.in b/configure.in
> index 4c612fd..2d775a3 100644
> --- a/configure.in
> +++ b/configure.in
> @@ -463,6 +463,15 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found
> ...)])
>     CFLAGS="${CFLAGS} -DUNITTESTS"
>     fi
>
> +# enable iso8601 format for timestamps
> +    AC_ARG_ENABLE(iso8601,
> +            [  --enable-iso8601  Enable compilation of the unit tests],
> +            [ enable_iso8601=yes
> +            ])
> +    if test "$enable_iso8601" = "yes"; then
> +    CFLAGS="${CFLAGS} -DISO8601"
> +    fi
> +
>  # enable debug output
>     AC_ARG_ENABLE(debug,
>             [  --enable-debug  Enable debug output],
> diff --git a/src/util-debug.c b/src/util-debug.c
> index 53b387d..c07f2c1 100644
> --- a/src/util-debug.c
> +++ b/src/util-debug.c
> @@ -306,11 +306,19 @@ SCError SCLogMessage(SCLogLevel log_level, char
> **msg, const char *file,
>                 gettimeofday(&tval, NULL);
>                 tms = localtime(&tval.tv_sec);
>
> +#ifdef ISO8601
> +                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp -
> *msg),
> +                              "%s%04d/%02d/%02d %02d:%02d:%02d",
> +                              substr, tms->tm_year + 1900, tms->tm_mon +
> 1,
> +                              tms->tm_mday, tms->tm_hour, tms->tm_min,
> +                              tms->tm_sec);
> +#else
>                 cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - *msg),
>                               "%s%d/%d/%04d -- %02d:%02d:%02d",
>                               substr, tms->tm_mday, tms->tm_mon + 1,
>                               tms->tm_year + 1900, tms->tm_hour,
> tms->tm_min,
>                               tms->tm_sec);
> +#endif
>                 if (cw < 0)
>                     goto error;
>                 temp += cw;
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20100117/00d909c4/attachment-0002.html>

More information about the Oisf-devel mailing list