[Oisf-users] Questions to commit 6c3c234, output-json: update timestamp format

Shirkdog shirkdog at gmail.com
Thu Mar 6 21:51:27 UTC 2014


Is there a better way to output full packet data from Suricata than
the debug output? I would like to have this in one event and I am
starting to look at the json output.

---
Michael Shirk


On Thu, Mar 6, 2014 at 1:18 PM, Eric Leblond <eric at regit.org> wrote:
> Hello,
> On 6 March 2014 at 18:09, Victor Julien <lists at inliniac.net> wrote:
>>
>> On 03/06/2014 04:50 PM, Stefan Sabolowitsch wrote:
>> > I have a question about your commit 6c3c234, output-json: update timestamp format.
>> > How many microsecond digits are there, three or six?
>> > This is important: in logstash version 1.3.x only 3 digits are allowed.
>>
>> It adds 6. Interestingly, I have been setting up logstash 1.3 today, and
>> it seems perfectly happy with the 6 digits.
>
> I confirm. As mentioned in the commit messages, I've done tests on logstash and splunk and both behave fine with the configuration described in the commit message.
>
> BR
>
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/


