Hi all,
Is it possible to modify the timestamp format produced by default in JSON output files? Can I change it to ISO 8601 format (like Zeek does)?
I have tried to use the “timestamp-format: iso8601” option in eve-log’s output without luck.
Thanks
The time format cannot be configured. See util-time.c::CreateIsoTimeString
If this feature is needed, please consider creating a feature request on our redmine site: Overview - Suricata - Open Information Security Foundation