From 531c4336c9bb5e9c66312b18148be63a66707bde Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Thu, 22 Dec 2022 10:05:15 -0600
Subject: [PATCH] logging: use ISO-like timestamp in file log

Also update suricata.yaml to show this default, as updating the "default-log-format" does not affect the file output.
---
 src/util-debug.h | 2 +-
 suricata.yaml.in | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/util-debug.h b/src/util-debug.h
index aab6c84d3d..167f9c2fa0 100644
--- a/src/util-debug.h
+++ b/src/util-debug.h
@@ -74,7 +74,7 @@ typedef enum {
 } SCLogOPType;
 
 /* The default log_format, if it is not supplied by the user */
-#define SC_LOG_DEF_FILE_FORMAT "[%i - %m] %t %d: %S: %M"
+#define SC_LOG_DEF_FILE_FORMAT "[%i - %m] %z %d: %S: %M"
 #define SC_LOG_DEF_LOG_FORMAT_REL "%D: %S: %M"
 #define SC_LOG_DEF_LOG_FORMAT_RELV "%d: %S: %M"
 #define SC_LOG_DEF_LOG_FORMAT_RELVV "[%i] %d: %S: %M"
diff --git a/suricata.yaml.in b/suricata.yaml.in
index a2788d6a8a..62df74e147 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -577,6 +577,7 @@ logging:
 enabled: yes
 level: info
 filename: suricata.log
+ # format: "[%i - %m] %z %d: %S: %M"
 # type: json
 - syslog:
 enabled: no
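Review bot: The comment above `SC_LOG_DEF_FILE_FORMAT` still reads as a generic "default log_format", and nothing on the new line says what `%z` produces, even though this define sets the on-disk layout of suricata.log. I would add `/* %z: ISO-like timestamp; replaces %t as the file-log default */` next to it. Because the default moves from `%t` to `%z`, any log shipper or SIEM parser that extracts timestamps from the file log with the old pattern will presumably stop matching, so the change deserves an upgrade note. The formatter's handling of `%z` is not part of this patch; confirm it is already present in the tree.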
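Review bot: The added `# format:` example gives no hint that it is the built-in default or that it is independent of `default-log-format`, which the commit message gives as the reason for adding it. A line such as `# Default format of the file output; "default-log-format" does not apply here.` above it would put that in the config where users look. The string also duplicates `SC_LOG_DEF_FILE_FORMAT` from src/util-debug.h, so the two have to be kept in sync by hand. The enclosing `logging:` outputs list starts and ends outside the hunk.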