[Oisf-devel] ssh json

Victor Julien victor at inliniac.net
Tue Mar 4 14:06:09 UTC 2014


On 03/02/2014 12:12 AM, Brian Rectanus wrote:
> Use an iso timestamp. At least something sortable with yyyy-mm-dd. 
> 
> 2011-12-22T22:25:52.921841Z

Any suggestions on how to generate this string? Was looking at strftime,
but since it uses "struct tm" it seems to use a max precision of a second.

I can of course easily generate the above string myself, however the ISO
8601 format seems to take into account timezones and all, and I don't want
to implement all that logic manually.

Cheers,
Victor


> On Saturday, March 1, 2014, Victor Julien <victor at inliniac.net
> <mailto:victor at inliniac.net>> wrote:
> 
>     Any feedback on this format?
> 
>     {"time":"12\/22\/2011-22:25:52.921841","pcap_cnt":9,"event_type":"ssh","src_ip":"192.168.0.110","src_port":22,"dest_ip":"218.75.172.161","dest_port":56779,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"libssh-0.1"},"server":{"proto_version":"2.0","software_version":"OpenSSH_4.7p1 Debian-8ubuntu3"}}}
> 
>     --
>     ---------------------------------------------
>     Victor Julien
>     http://www.inliniac.net/
>     PGP: http://www.inliniac.net/victorjulien.asc
>     ---------------------------------------------
> 
> 
> 
> -- 
> Brian Rectanus


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



