From 9467f010f0553492f62c0b2c28c2dc887c33c3e9 Mon Sep 17 00:00:00 2001
From: Felipe Zipitria
Date: Sun, 21 Mar 2021 07:59:42 -0300
Subject: [PATCH] docs: update time formats in readme

Signed-off-by: Felipe Zipitria
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7a18ae1d..1430692f 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ logfile: '../coreruleset/tests/logs/modsec2-apache/apache2/error.log'
 logtype:
 name: 'apache'
 timeregex: '\[([A-Z][a-z]{2} [A-z][a-z]{2} \d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2}\.\d+? \d{4})\]'
- timeformat: '%a %b %d %H:%M:%S.%f %Y'
+ timeformat: 'ddd MMM DD HH:mm:ss.S YYYY'
 ```
 For nginx, as logs will be to the second, you need to add the amount of time you want to truncate to. This will for example discard anything less than one second:
@@ -58,6 +58,8 @@ logtype:
 timetruncate: 1s
 ```
+Time format specification follows the one used by [gostradamus](https://github.com/bykof/gostradamus#token-table).
+
 If your webserver uses a different time format, please [create an issue](https://github.com/fzipi/go-ftw/issues/new/choose) and we can extend the documentation to cover it.
 I normally perform my testing using the [Core Rule Set](https://github.com/coreruleset/coreruleset/).