[Zeek] Timestamps in logs files without any msec
Seth Hall
seth at corelight.com
Wed Apr 3 05:26:11 PDT 2019
On 2 Apr 2019, at 13:10, Arda Savran wrote:
> Is there a way to use the Unix timestamp without any msec in log files?
> At the moment, msec is included in the timestamp.
Hm, good question. I don't think there is going to be a "good" way to
do it. If you *really* want to do it you could modify the ascii
formatter to make it reduce the decimal points off the end of the value.
There may be side effects if you do this though, I really haven't
thought through it much. Here's the line that renders that field...
https://github.com/zeek/zeek/blob/master/src/threading/formatters/Ascii.cc#L118
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
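
Added example, not part of the original message and not Zeek project code: rather than patching Ascii.cc, it post-processes an ASCII log and cuts every column whose #types entry is "time" down to whole seconds. The sample log and the function name strip_fraction are constructed for illustration.

```python
# Constructed sample in Zeek's ASCII (TSV) log layout; all values are made up.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tduration",
    "#types\ttime\tstring\taddr\tinterval",
    "1554294371.123456\tCabc123\t192.0.2.10\t0.250000",
    "1554294371.987654\tCdef456\t192.0.2.11\t-",
    "#close\t2019-04-03-05-26-11",
]) + "\n"


def strip_fraction(lines, sep="\t", unset="-"):
    """Yield log lines with every `time`-typed column cut to whole seconds."""
    time_cols = []
    for line in lines:
        row = line.rstrip("\n")
        if row.startswith("#"):
            if row.startswith("#types" + sep):
                # Use the header to find time columns instead of assuming "ts".
                types = row.split(sep)[1:]
                time_cols = [i for i, t in enumerate(types) if t == "time"]
            elif row.startswith("#unset_field" + sep):
                unset = row.split(sep, 1)[1]
            yield row  # header lines pass through unchanged
            continue
        cols = row.split(sep)
        for i in time_cols:
            if i < len(cols) and cols[i] != unset:
                # Truncate rather than round: .987654 stays in the same second.
                cols[i] = cols[i].split(".", 1)[0]
        yield sep.join(cols)


if __name__ == "__main__":
    for out_line in strip_fraction(SAMPLE_LOG.splitlines()):
        print(out_line)
```

In the sample, both rows end up with the same ts value, so their relative order is only preserved by line order; the interval column keeps its fraction because only time-typed columns are touched.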