From 48f0fd3c74a3abd33411ef066162bbb09722cd48 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Thu, 22 Dec 2022 10:12:35 -0600
Subject: [PATCH] doc/userguide: update logging section for time formats

- Update fragment of configuration file to match suricata.yaml with new default-log-format.
- Document new %z format specifier.
---
 doc/userguide/configuration/suricata-yaml.rst | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index 5b4caea75b..da6eff556d 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1780,8 +1780,11 @@ Default Configuration Example
 # something reasonable if not provided. Can be overridden in an
 # output section. You can leave this out to get the default.
 #
- # This value is overridden by the SC_LOG_FORMAT env var.
- #default-log-format: "[%i] %t - (%f:%l) <%d> (%n) -- "
+ # This console log format value can be overridden by the SC_LOG_FORMAT env var.
+ #default-log-format: "%D: %S: %M"
+ #
+ # For the pre-7.0 log format use:
+ #default-log-format: "[%i] %t [%S] - (%f:%l) <%d> (%n) -- "
 
 # A regex to filter output. Can be overridden in an output section.
 # Defaults to empty (no filter).
@@ -1799,6 +1802,7 @@ Default Configuration Example
 enabled: yes
 level: info
 filename: suricata.log
+ # format: "[%i - %m] %z %d: %S: %M"
 # type: json
 - syslog:
 enabled: no
@@ -1850,8 +1854,8 @@ specified signs:
 
 ::
 
- t: Time, timestamp, time and date
- example: 15/10/2010 - -11:40:07
+ z: ISO-like formatted timestamp: YYYY-MM-DD HH:MM:SS
+ t: Original Suricata log timestamp: DD/MM/YYYY -- HH:MM::SS
 p: Process ID. Suricata's whole processing consists of multiple threads.
 i: Thread ID. ID of individual threads.
 m: Thread module name. (Outputs, Detect etc.)