Eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp

Hi,
Can you please try the following:

First install msys2 - 64bit
https://www.msys2.org/

Update and install the deps:

After install use the Mingw64 (click on Msys it will ask which one of the three environments to start) on start up to build Suricata. Choose Mingw64 then inside run the below pkg install commands.

pacman -Syuu

Follow the instructions for the command above after it finishes - it usually asks you to close the window and start Msys again; in those cases, just close the window, don’t do Ctrl+C etc. Do the same for the below 2 commands as well.

pacman -S --needed base-devel mingw-w64-x86_64-toolchain git subversion

pacman -S  mingw64/mingw-w64-x86_64-libtool mingw64/mingw-w64-x86_64-pcre \
mingw64/mingw-w64-x86_64-lua mingw64/mingw-w64-x86_64-geoip \
mingw64/mingw-w64-x86_64-luajit-git wget jansson  jansson-devel libpcre pcre pcre-devel gcc  gcc-libs  make autoconf \
autogen automake git libyaml libyaml-devel zlib zlib-devel pkg-config \
mingw64/mingw-w64-x86_64-nspr mingw64/mingw-w64-x86_64-nss mingw64/mingw-w64-x86_64-rust  mingw64/mingw-w64-x86_64-python3-yaml \
mingw64/mingw-w64-x86_64-jansson msys/jansson-devel msys/jansson

Download and unzip npcap-sdk (https://nmap.org/npcap/) in the proper folder so afterwards you could use something similar to "--with-libpcap-includes=/npcap-sdk/Include --with-libpcap-libraries=/npcap-sdk/Lib/x64"

Also install npcap as well - https://nmap.org/npcap/dist/npcap-0.9993.exe

If you would like to try the latest Suricata code - (just adjust the npcap paths accordingly to where your install is - step 3 above):

git clone  https://github.com/OISF/suricata.git && cd suricata && git clone https://github.com/OISF/libhtp.git -b 0.5.x &&  ./autogen.sh &&  \
./configure   \
--with-libpcap-includes=c:/msys64/npcap-sdk/Include --with-libpcap-libraries=c:/msys64/npcap-sdk/Lib/x64  \
--with-libnss-libraries=/mingw64/lib/ --with-libnss-includes=/mingw64/include/nss3/ \
--with-libnspr-libraries=/mingw64/lib/ --with-libnspr-includes=/mingw64/include/nspr/ \
--enable-lua --enable-geoip --disable-gccmarch-native \
&& make clean && make -j 2

The resulting Suricata exe should be under “src/.libs/”

Thanks for testing!
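
An added check, not part of the original post or of Suricata itself: once the rebuilt binary has written some events, this script flags eve.json records whose timestamp does not end in a numeric UTC offset, which is the symptom in the thread title. The expected layout (six-digit microseconds followed by an offset such as -0400) and the sample records are assumptions constructed for illustration.

```python
import json
import re

# Assumed layout of a well-formed EVE timestamp: date, time, 6-digit
# microseconds, then a numeric UTC offset such as -0400 (or -04:00).
BASE = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}"
GOOD_TS = re.compile(BASE + r"[+-]\d{2}:?\d{2}")
PREFIX = re.compile(BASE)

# Constructed sample records, not output captured from a real sensor.
SAMPLE = """\
{"timestamp":"2020-05-04T09:15:02.123456-0400","event_type":"flow"}
{"timestamp":"2020-05-04T09:15:03.000201Eastern Daylight Time","event_type":"dns"}
{"event_type":"stats"}
not json at all
"""

def check_eve_timestamps(lines):
    """Return (line_number, reason, detail) for every record that fails."""
    problems = []
    for lineno, line in enumerate(lines, start=1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            problems.append((lineno, "invalid JSON", line[:60]))
            continue
        ts = record.get("timestamp") if isinstance(record, dict) else None
        if not isinstance(ts, str):
            problems.append((lineno, "missing timestamp", None))
        elif not GOOD_TS.fullmatch(ts):
            m = PREFIX.match(ts)
            if m:
                # Date and time parsed; whatever follows is the bad zone part.
                problems.append((lineno, "bad zone suffix", ts[m.end():]))
            else:
                problems.append((lineno, "malformed timestamp", ts))
    return problems

if __name__ == "__main__":
    # To check a real log, pass open("eve.json", encoding="utf-8") instead.
    for lineno, reason, detail in check_eve_timestamps(SAMPLE.splitlines()):
        print(f"line {lineno}: {reason}: {detail!r}")
```

An empty result on a log written by the new build means every record carried a numeric offset.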