Hi,
i’m living in Germany, so my timezone is Europe/Berlin.
The timestamps in eve.json are in UTC.
Is there a way to have these timestamps in tz Europe/Berlin ?
I changed /etc/timezone but this didn’t help.
I’m running Suricata 7.0.2 on Ubuntu 22.04.3
Thanks.
Bernd
Hi,
i found Feature #2415: Force timestamp to UTC timezone via yaml - Suricata - Open Information Security Foundation.
It says: “Ticket closed, it’s been decided to avoid modifying the configuration to enforce a behavior that can be set via environment variable”.
So it should be able to change the tz via environment variable.
But how ?
/proc/pid_of_suricata/environ has just:
SYSTEMD_EXEC_PID=41320JOURNAL_STREAM=8:191577PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binINVOCATION_ID=8b232cf169a14d0b8c971625652a3995LANG=en_US.UTF-8PWD=/
Nothing about the timezone.
Bernd
Suricata would use your local timezone, so I would double check your local settings.
On my ArchLinux system running Suricata in Germany uses the correct timestamps for example.
So must be related to your time settings in your environment.