[Oisf-devel] Small patch to enable ISO8601 date format
Victor Julien
victor at inliniac.net
Mon Jan 18 11:48:08 UTC 2010
I agree, Will. Another option could be to make the date string
configurable by just adding options for each field like hour, second,
day, etc.
Will Metcalf wrote:
> Heya Jim,
>
> Thanks for the patch. I like the idea although I wonder if it might be
> cleaner to actually implement a log option similar to 't' and then maybe
> have a completely separate case for this in util-debug.c so something
> like "case SC_LOG_FMT_ISO8601_TIME" or something. This way it wouldn't
> have to be a compile time option, you could just change time formats at
> will. Opinions anybody?
>
> Regards,
>
> Will
>
> On Sun, Jan 17, 2010 at 1:42 PM, Jim Hranicky <jfh at ufl.edu> wrote:
>
> Anyone interested in a patch that enables ISO 8601 date formatting
> for timestamps in suricata logs?
>
> Attached.
>
> ----------------------------------------------------------------------
> | Jim Hranicky, Security Engineer UF InfoSec Team |
> | E202 SSRB Phone (352) 392-2061 |
> | jfh at ufl.edu |
> ----------------------------------------------------------------------
>
> diff --git a/configure.in <http://configure.in> b/configure.in
> <http://configure.in>
> index 4c612fd..2d775a3 100644
> --- a/configure.in <http://configure.in>
> +++ b/configure.in <http://configure.in>
> @@ -463,6 +463,15 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not
> found ...)])
> CFLAGS="${CFLAGS} -DUNITTESTS"
> fi
>
> +# enable iso8601 format for timestamps
> + AC_ARG_ENABLE(iso8601,
> + [ --enable-iso8601 Enable compilation of the unit tests],
> + [ enable_iso8601=yes
> + ])
> + if test "$enable_iso8601" = "yes"; then
> + CFLAGS="${CFLAGS} -DISO8601"
> + fi
> +
> # enable debug output
> AC_ARG_ENABLE(debug,
> [ --enable-debug Enable debug output],
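Review bot: the help string for the new `--enable-iso8601` option reads `Enable compilation of the unit tests`, which was copied from the unittests option above it; it should describe this option, e.g. `Enable ISO 8601 timestamp format in log output`. As Will notes in the thread, making this a runtime log-format option rather than a `-DISO8601` compile-time define would also avoid a separate build just to change the timestamp layout.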
> diff --git a/src/util-debug.c b/src/util-debug.c
> index 53b387d..c07f2c1 100644
> --- a/src/util-debug.c
> +++ b/src/util-debug.c
> @@ -306,11 +306,19 @@ SCError SCLogMessage(SCLogLevel log_level,
> char **msg, const char *file,
> gettimeofday(&tval, NULL);
> tms = localtime(&tval.tv_sec);
>
> +#ifdef ISO8601
> + cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp
> - *msg),
> + "%s%04d/%02d/%02d %02d:%02d:%02d",
> + substr, tms->tm_year + 1900,
> tms->tm_mon + 1,
> + tms->tm_mday, tms->tm_hour, tms->tm_min,
> + tms->tm_sec);
> +#else
> cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp -
> *msg),
> "%s%d/%d/%04d -- %02d:%02d:%02d",
> substr, tms->tm_mday, tms->tm_mon + 1,
> tms->tm_year + 1900, tms->tm_hour,
> tms->tm_min,
> tms->tm_sec);
> +#endif
> if (cw < 0)
> goto error;
> temp += cw;
>
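Review bot: the `#ifdef ISO8601` branch formats the time as `"%s%04d/%02d/%02d %02d:%02d:%02d"`, i.e. `2010/01/17 13:42:00`, which is not ISO 8601: the standard form uses hyphens and a `T` separator (`2010-01-17T13:42:00`), and since the value comes from `localtime()` it should carry a UTC offset so timestamps stay unambiguous when logs from hosts in different zones are correlated. One option is `strftime()` with `"%Y-%m-%dT%H:%M:%S%z"` into a small buffer and appending that with `%s`. Separately, both branches only check `cw < 0`; `snprintf` returns the would-be length on truncation, so `temp += cw` can advance past the end of the buffer unless `cw >= SC_LOG_MAX_LOG_MSG_LEN - (temp - *msg)` is also treated as an error.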
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------