Sheriff CSM™
When the Sheriff CSM plugins parse logs received from various devices, they use a built-in function, normalize_date(), to convert different date formats to ISO 8601, the format accepted by the Sheriff CSM Server.

The table below shows the date formats that the normalize_date() function supports. The normalize_date() function compares the date format in the log with the supported formats, in the order presented in this table, until it finds a match.

If the date format of your device is not listed in this table, you can write a custom function to parse it yourself. See Customize Plugin Date and Time Formats for instructions.
Date Formats supported by normalize_date()

| Device or Format Name | Example |
| --- | --- |
| DC | 2/15/2012 12:00:36 PM |
| Syslog | Oct 27 10:50:46 |
| Apache | 29/Jan/2007:17:02:20 |
| Syslog-ng | Oct 27 2007 10:50:46 |
| Bind9 | 10-Aug-2009 07:53:44 |
| Snare | Sun Jan 28 15:15:32 2007 |
| Snort | 11/08-19:19:06 |
| Suricata-http | 03/20/2012-12:12:24.376349 |
| Arpwatch | Monday, March 15, 2004 15:39:19 +0000 |
| Heartbeat | 2006/10/19_11:40:05 |
| Netgear | 11/03/2004 19:45:46 |
| Tarantella | 2007/10/18 14:38:03 |
| Citrix | 02/28/2013:12:00:00 |
| OSSEC | 2007 Nov 17 06:26:18 |
| IBM | 11/03/07 19:22:22 |
| Lucent1 | 084658,1516697218 (hhmmss,timestamp) |
| Lucent2 | 084658+/- (hhmmss+/-) |
| Lucent3 | 084658 (hhmmss) |
| Nagios rrd | 1162540224 |
| FileZilla | 11.03.2009 19:45:46 |
| HP Eva | 2 18 2009 14 9 52 |
| Websense2 | 11 Jan 2011 09:44:18 AM |
| Exchange | 2011-07-08T14:13:42.237Z |
| Sonnicwall | 2011-05-12 07 59 01 |
| CSV | 09/30/2011,10:56:11 |
| Honeyd | 2011-05-17-09:42:24 |
| Epilog | 2011-11-21 06: 15:02 |
| WMI | 20180121084344.000000-000 |
| Spanish Date | 20120202 12:12:12 |
| SNMPTRAP | Mar 07, 2012 - 08:39:49 |
| CheckPoint | 1Feb2012;0:05:58 or 1Feb2012 0:05:58 |
| Lilian* Date | 11270 02:00:16 |
| Bluecoat | 2015-08-14 09:30:00 |
| American Date | 08/14/15 09:30:00 or 08/14/2015 09:30:00 |
| Fortigate | date=2015-03-17 time=22:03:55 |
| Sophos UTM | 2014:09:06-00:00:06 |
| Snare_2 | Jan. 22 11:20 AM |
| Aruba-airwave | 01/22/2018 11:20 AM |
| Anti-Spam SMTP Proxy (ASSP) | 01-22-18 11:21:35 |
* Lilian is the number of days since the beginning of the Gregorian Calendar on October 15, 1582.
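The ordered, first-match comparison described above has a practical consequence for event timelines: when an all-numeric date fits more than one layout, the entry listed first decides the result. The sketch below is an added example, not Sheriff CSM's own code; it uses a subset of the table's names in table order, and every strptime pattern (including which field is the day for IBM) is an assumption of this example.

```python
from datetime import datetime

# Subset of the table, in table order. Each strptime pattern is this example's
# assumption about the layout (including day-first vs month-first).
FORMATS = [
    ("DC",            "%m/%d/%Y %I:%M:%S %p"),
    ("Apache",        "%d/%b/%Y:%H:%M:%S"),
    ("Syslog-ng",     "%b %d %Y %H:%M:%S"),
    ("Bind9",         "%d-%b-%Y %H:%M:%S"),
    ("Tarantella",    "%Y/%m/%d %H:%M:%S"),
    ("OSSEC",         "%Y %b %d %H:%M:%S"),
    ("IBM",           "%d/%m/%y %H:%M:%S"),   # assumed day-first
    ("FileZilla",     "%d.%m.%Y %H:%M:%S"),
    ("Bluecoat",      "%Y-%m-%d %H:%M:%S"),
    ("American Date", "%m/%d/%y %H:%M:%S"),   # month-first, two-digit year
]


def candidates(text):
    """Return (name, ISO 8601 string) for every format that parses text."""
    found = []
    for name, pattern in FORMATS:
        try:
            parsed = datetime.strptime(text.strip(), pattern)
        except ValueError:
            continue  # layout does not fit; try the next one
        found.append((name, parsed.isoformat()))
    return found


def normalize(text):
    """First match wins, mirroring the ordered comparison described above."""
    found = candidates(text)
    if not found:
        raise ValueError("unsupported date format: %r" % text)
    return found[0]


if __name__ == "__main__":
    # Constructed samples taken from the Example column of the table.
    for sample in ("29/Jan/2007:17:02:20", "11/03/07 19:22:22", "08/14/15 09:30:00"):
        name, iso = normalize(sample)
        shadowed = [n for n, _ in candidates(sample)[1:]]
        print("%-22s -> %s (%s) shadowed=%s" % (sample, iso, name, shadowed))
```

Running candidates() over sample timestamps from a new device before enabling its plugin shows whether an earlier entry would claim the value with a different day and month.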