Feature #1978
closedUsing date in logs name
Description
Hi, i just want support thing something like:
filename: eve-alert-%{+xx.MM.dd}.json
VJ Updated by Victor Julien over 9 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to TBD
I think this could be nice.
JI Updated by Jason Ish over 9 years ago
What about posix style strftime formatting: eve-alert-%y.%m.%d.
I'm going to guess that automatically rolling over the file at midnight would be desired behaviour as well when formatting the date this way?
TT Updated by Timofey Titovets over 9 years ago
Jason Ish wrote:
What about posix style strftime formatting: eve-alert-%y.%m.%d.
I'm going to guess that automatically rolling over the file at midnight would be desired behaviour as well when formatting the date this way?
Yes, it's okay.
Thanks.
JI Updated by Jason Ish about 9 years ago
- Status changed from Assigned to Closed
- Target version changed from TBD to 4.0beta1
Git master now has the ability to put dates in the eve log file names.
PR: https://github.com/inliniac/suricata/pull/2633
http://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#date-modifiers-in-filename
Its important to note that when using a naming scheme, Suricata will open new files as needed, with the new date but will not remove the old ones. That is up to you.
VJ Updated by Victor Julien about 9 years ago
- Assignee changed from Jason Ish to Mats Klepsland