[Oisf-devel] ssh json

Peter Manev petermanev at gmail.com
Sat Mar 1 18:19:28 EST 2014



> On 2 mar 2014, at 00:12, Brian Rectanus <brectanu at gmail.com> wrote:
> 
> Use an ISO timestamp. At least something sortable with yyyy-mm-dd.
> 
> 2011-12-22T22:25:52.921841Z

How is the JSON timestamp not sortable?

> 
>> On Saturday, March 1, 2014, Victor Julien <victor at inliniac.net> wrote:
>> Any feedback on this format?
>> 
>> {"time":"12\/22\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh","src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161","dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"libssh-0.1"},"server":{"proto_version":"2.0","software_version":"OpenSSH_4.7p1 Debian-8ubuntu3"}}}
>> 
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>> 
>> _______________________________________________
>> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> Redmine: https://redmine.openinfosecfoundation.org/
> 
> 
> -- 
> Brian Rectanus
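
The sortability question raised in this thread, worked through as an added example (not code from the Suricata project or from any poster): it sorts records by their raw "time" string in the proposed mm/dd/yyyy layout and again after conversion to ISO 8601. The function names are hypothetical, the second and third sample records are constructed, and the sensor clock is assumed to be UTC.

```python
import json
from datetime import datetime, timezone

# Constructed sample events. Only the first timestamp comes from the thread;
# the other two were made up to span a year boundary.
SAMPLE_LINES = [
    r'{"time":"12\/22\/2011-22:25:52.921841","event_type":"ssh","src_port":22}',
    r'{"time":"01\/03\/2012-08:00:00.000001","event_type":"ssh","src_port":22}',
    r'{"time":"02\/14\/2011-09:30:00.500000","event_type":"ssh","src_port":22}',
]

LEGACY_FMT = "%m/%d/%Y-%H:%M:%S.%f"   # layout used in the proposed record
ISO_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"     # layout suggested in the reply


def to_iso(ts):
    """Convert mm/dd/yyyy-HH:MM:SS.ffffff to ISO 8601 (assumes a UTC clock)."""
    dt = datetime.strptime(ts, LEGACY_FMT).replace(tzinfo=timezone.utc)
    return dt.strftime(ISO_FMT)


def string_sorted_times(lines, convert=False):
    """Sort events by the raw 'time' string, as a text-based log tool would."""
    times = [json.loads(line)["time"] for line in lines]  # json turns \/ into /
    if convert:
        times = [to_iso(t) for t in times]
    return sorted(times)


def is_chronological(times, fmt):
    """True when the given order of timestamp strings matches real time order."""
    parsed = [datetime.strptime(t, fmt) for t in times]
    return parsed == sorted(parsed)


if __name__ == "__main__":
    legacy = string_sorted_times(SAMPLE_LINES)
    iso = string_sorted_times(SAMPLE_LINES, convert=True)
    print(legacy, is_chronological(legacy, LEGACY_FMT))
    print(iso, is_chronological(iso, ISO_FMT))
```
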