Eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp

Help
21

Nice! This works!!
git clone --single-branch --branch master-5.0.x https://github.com/OISF/suricata.git && cd suricata && git clone https://github.com/OISF/libhtp.git -b 0.5.x && ./autogen.sh

./configure --with-libpcap-includes=/npcap-sdk/Include --with-libpcap-libraries=/npcap-sdk/Lib/x64 --with-libnss-libraries=/mingw64/lib/ --with-libnss-includes=/mingw64/include/nss3/ --with-libnspr-libraries=/mingw64/lib/ --with-libnspr-includes=/mingw64/include/nspr/ --enable-lua --disable-gccmarch-native --enable-gccprotect

make clean && make -j 2

For those reading from the futureā€¦
The suricata.exe will be in the src/.libs folder Copy the suricata.exe to c:\suricataNew
but you also need several dlls. Those can be found in c:\msys64\mingw64\bin*.dll
I took all of those dlls (all are not needed) and put them in C:\suricataNew

From a security perspective, a non-admin user shouldnā€™t be able to change the suricata.exe file, if an attacker can change the suricata file and you are running it from an admin user, an attacker can become admin. Leaving out several details here, but the point is protect exeā€™s that you run with elevated privs or those exeā€™s can be used to own the machine.

22

The Eastern Daylight Time timestamp fix wasnā€™t in master 5.0, but I was able to get Suricata 6 working and ALL IS GOOD. Thanks for fixing the timestamp issue on Windows!

git clone https://github.com/OISF/suricata.git && cd suricata && git clone https://github.com/OISF/libhtp.git -b 0.5.x && ./autogen.sh

#This path fix is definitely needed.
export PATH=$PATH:/c/Users/YOUR-USERNAME/.cargo/bin

echo $PATH

cargo install cbindgen #This step may not be needed, Canā€™t recall if cbindgen was already there or not.

cbindgen --version

./configure --with-libpcap-includes=/npcap-sdk/Include --with-libpcap-libraries=/npcap-sdk/Lib/x64 --with-libnss-libraries=/mingw64/lib/ --with-libnss-includes=/mingw64/include/nss3/ --with-libnspr-libraries=/mingw64/lib/ --with-libnspr-includes=/mingw64/include/nspr/ --enable-lua --disable-gccmarch-native --enable-gccprotect

make clean && make -j 2

Again, for those reading from the futureā€¦
The suricata.exe will be in the src/.libs folder Copy the suricata.exe to c:\suricataNew
but you also need several dlls. Those can be found in c:\msys64\mingw64\bin*.dll
I took all of those dlls (all are not needed) and put them in C:\suricataNew

23

Thank you for the feedback.
We will need to add this and the docs.

1 Like