Project

General

Profile

Actions
Copy link

Bug #3690

closed

eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp

Added by Bryan Jones over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
6.0.0beta1
Affected Versions:
5.0.2
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0

Description

I am running Suricata-5.0.2-1-64bit.exe suricata install on windows. When I try to import the json data into mysql using this tool, https://github.com/beave/meer, it fails on windows because the timestamp looks like this "2020-05-04T01:08:06.39502Eastern Daylight Time" In linux it looks like this. "2020-05-04T01:08:06.3950273-0400.

Note I am typing these out because the systems are not on this machine and I can't copy paste between them easily. So ignore minor time error details in case I misstyped

Is this something I can adjust in a config file, if not, can you point me to the code where this is handled so that I can strip out the "Eastern Daylight Time" string from the timestamp?

thanks

Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3723: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestampClosedVictor JulienActions
Copied to Suricata - Bug #3724: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestampClosedShivani BhardwajActions
Actions
Copy link
 #1

Updated by Bryan Jones over 4 years ago

This looks like the relevant commit.
https://github.com/OISF/suricata/commit/b12c53cd51ca1b24039c248f1eab6808d9686e4b

Bryan Jones wrote:

I am running Suricata-5.0.2-1-64bit.exe suricata install on windows. When I try to import the json data into mysql using this tool, https://github.com/beave/meer, it fails on windows because the timestamp looks like this "2020-05-04T01:08:06.39502Eastern Daylight Time" In linux it looks like this. "2020-05-04T01:08:06.3950273-0400.

Note I am typing these out because the systems are not on this machine and I can't copy paste between them easily. So ignore minor time error details in case I misstyped

Is this something I can adjust in a config file, if not, can you point me to the code where this is handled so that I can strip out the "Eastern Daylight Time" string from the timestamp?

thanks

Actions
Copy link
 #2

Updated by Victor Julien over 4 years ago

Some discussion about this here on the MinGW mailinglist: https://sourceforge.net/p/mingw/mailman/message/16286257/
Includes a workaround suggestion.

Actions
Copy link
 #3

Updated by Victor Julien over 4 years ago

  • Tracker changed from Support to Bug
  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 6.0.0beta1
  • Label Needs backport added
Actions
Copy link
 #4

Updated by Victor Julien over 4 years ago

  • Label Needs backport to 4.1, Needs backport to 5.0 added
Actions
Copy link
 #6

Updated by Victor Julien over 4 years ago

  • Status changed from Assigned to Closed
Actions
Copy link
 #7

Updated by Jeff Lucovsky over 4 years ago

  • Copied to Bug #3723: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp added
Actions
Copy link
 #8

Updated by Jeff Lucovsky over 4 years ago

  • Copied to Bug #3724: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp added
Actions
Copy link

Also available in: Atom PDF