[Oisf-devel] ssh json

Tom DeCanio decanio.tom at gmail.com
Wed Mar 5 04:21:36 UTC 2014 

How about a yaml option that selects one or the other?  Make everybody
happy.

Tom


On Tue, Mar 4, 2014 at 6:03 PM, Victor Julien <victor at inliniac.net> wrote:

> On 03/04/2014 06:15 PM, Brian Rectanus wrote:
> > On Tue, Mar 4, 2014 at 8:28 AM, Victor Julien <victor at inliniac.net
> > <mailto:victor at inliniac.net>> wrote:
> >
> >     On 03/04/2014 03:06 PM, Victor Julien wrote:
> >     > On 03/02/2014 12:12 AM, Brian Rectanus wrote:
> >     >> Use an iso timestamp. At least something sortable with yyyy-mm-dd.
> >     >>
> >     >> 2011-12-22T22:25:52.921841Z
> >     >
> >     > Any suggestions on how to generate this string? Was looking at
> >     strftime,
> >     > but since it uses "struct tm" it seems to use a max precision of a
> >     second.
> >     >
> >     > I can of course easily generate the above string myself, however
> >     the ISO
> >     > 8601 format seems take into account timezones and all, and I don't
> >     want
> >     > to implement all that logic manually.
> >
> >     If I ignore that timezone stuff for now, this is an example of what
> it
> >     would look like:
> >
> >     {"time":"2014-02-07T17:15:28.972757Z",...
> >
> >     Code:
> >
> >     static void CreateTimeStringISO(struct timeval *tv, char *buffer,
> size_t
> >     buflen)
> >     {
> >         char local_buf[64];
> >         time_t time = tv->tv_sec;
> >         struct tm local_tm;
> >         struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
> >
> >         strftime(local_buf, sizeof(local_buf), "%FT%T", t);
> >         snprintf(buffer, buflen, "%s.%06uZ", local_buf,
> >     (uint32_t)tv->tv_usec);
> >     }
> >
> >     Thoughts?
> >
> >
> > Yes, you could ignore timezone and use Z (UTC time, e.g., short for
> > -0000) if you use gm time vs local time.
>
> I can live with this. Lots of ppl don't really like UTC though. Thoughts
> anyone?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20140305/a891c76a/attachment-0002.html>

More information about the Oisf-devel mailing list