[Oisf-devel] ssh json
Peter Manev
petermanev at gmail.com
Sun Mar 2 18:06:20 UTC 2014
> On 2 mar 2014, at 16:48, Jason Ish <lists at unx.ca> wrote:
>
>> On Sat, Mar 1, 2014 at 5:12 PM, Brian Rectanus <brectanu at gmail.com> wrote:
>> Use an iso timestamp. At least something sortable with yyyy-mm-dd.
>>
>> 2011-12-22T22:25:52.921841Z
>>
>>> On Saturday, March 1, 2014, Victor Julien <victor at inliniac.net> wrote:
>>>
>>> Any feedback on this format?
>>>
>>>
>>> {"time":"12\/22\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh","src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161","dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"libssh-0.1"},"server":{"proto_version":"2.0","software_version":"OpenSSH_4.7p1 Debian-8ubuntu3"}}}
>
> Yeah, I agree with Brian here. I find the ISO format a little easier
> to read as well, perhaps no escaping. And it seems to be a common
> format for use with JSON. I guess this comment applies to all the
> json output, not just ssh.
I agree as well.
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
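The sortability point raised in the thread, shown on the quoted SSH event as an added example (this is not code from the thread or from Suricata; it assumes the older `"time"` value is `mm/dd/yyyy-HH:MM:SS.ffffff` in UTC, and the `normalize_event`, `legacy_to_iso` and `lexical_order_is_chronological` helpers are constructed for illustration). It converts the older timestamp into the ISO 8601 form Brian proposed and checks that plain string sorting of the ISO values matches chronological order, which the month-first form does not guarantee:

```python
import json
from datetime import datetime, timezone

# Constructed sample lines: the event quoted in the thread plus two
# constructed neighbours, all in the older month-first timestamp format.
SAMPLE_EVENTS = [
    '{"time":"12\\/22\\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh",'
    '"src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161",'
    '"dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0",'
    '"software_version":"libssh-0.1"},"server":{"proto_version":"2.0",'
    '"software_version":"OpenSSH_4.7p1 Debian-8ubuntu3"}}}',
    '{"time":"02\\/01\\/2011-09:15:00.000000","pcap_cnt":3,"event_type":"ssh","ssh":{}}',
    '{"time":"01\\/03\\/2012-08:00:00.000000","pcap_cnt":12,"event_type":"ssh","ssh":{}}',
]

LEGACY_FMT = "%m/%d/%Y-%H:%M:%S.%f"      # assumed layout of the older "time" field
ISO_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"        # the form proposed in the thread


def parse_legacy(ts: str) -> datetime:
    """Parse the month-first form; assumed to be UTC."""
    return datetime.strptime(ts, LEGACY_FMT).replace(tzinfo=timezone.utc)


def parse_iso(ts: str) -> datetime:
    """Parse the ISO 8601 form with a trailing Z."""
    return datetime.strptime(ts, ISO_FMT).replace(tzinfo=timezone.utc)


def legacy_to_iso(ts: str) -> str:
    """Rewrite mm/dd/yyyy-HH:MM:SS.ffffff as yyyy-mm-ddTHH:MM:SS.ffffffZ."""
    return parse_legacy(ts).strftime(ISO_FMT)


def normalize_event(line: str) -> dict:
    """Load one EVE-style JSON line and replace "time" with an ISO "timestamp".

    The hypothetical "timestamp" key name is an assumption of this example.
    """
    event = json.loads(line)
    event["timestamp"] = legacy_to_iso(event.pop("time"))
    return event


def to_json_line(event: dict) -> str:
    """Serialize compactly; json.dumps leaves '/' unescaped, and the ISO form
    contains none anyway, so the "\\/" sequences from the older format disappear."""
    return json.dumps(event, separators=(",", ":"))


def lexical_order_is_chronological(timestamps, parse) -> bool:
    """True when sorting the raw strings gives the same order as sorting
    the parsed datetimes. This is the property that makes a format
    sortable by tools that only compare strings (sort, grep, log shippers)."""
    return sorted(timestamps) == sorted(timestamps, key=parse)


if __name__ == "__main__":
    legacy_times = [json.loads(line)["time"] for line in SAMPLE_EVENTS]
    iso_times = [legacy_to_iso(t) for t in legacy_times]
    print("legacy strings sort chronologically:",
          lexical_order_is_chronological(legacy_times, parse_legacy))
    print("ISO strings sort chronologically:   ",
          lexical_order_is_chronological(iso_times, parse_iso))
    for line in SAMPLE_EVENTS:
        print(to_json_line(normalize_event(line)))
```

Running it shows the three month-first strings sorting as 2012, 2011, 2011 when compared as text, while the ISO strings sort in true time order; the quoted event's `"time"` becomes `2011-12-22T22:25:52.921841Z`, the value Brian gave.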