doc: add documentation for date modifiers in eve-log

author Mats Klepsland <mats.klepsland@gmail.com>

Tue, 14 Feb 2017 09:59:41 +0000 (10:59 +0100)

committer Victor Julien <victor@inliniac.net>

Thu, 6 Apr 2017 14:19:45 +0000 (16:19 +0200)
author Mats Klepsland <mats.klepsland@gmail.com>
Tue, 14 Feb 2017 09:59:41 +0000 (10:59 +0100)
committer Victor Julien <victor@inliniac.net>
Thu, 6 Apr 2017 14:19:45 +0000 (16:19 +0200)
diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst

index 97ede6d94115ad0385e9fcedac1320064aa37502..60279470201d6bd9996f7888f448c1a6cfd9f084 100644 (file)
--- a/doc/userguide/output/eve/eve-json-output.rst
+++ b/doc/userguide/output/eve/eve-json-output.rst
@@ -203,6 +203,21 @@ enabled, then the log gets more verbose.
  
  By using ``custom`` it is possible to select which TLS fields to log.
  
+Date modifiers in filename
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+It is possible to use date modifiers in the eve-log filename.
+
+::
+
+   outputs:
+     - eve-log:
+         filename: eve-%s.json
+
+The example above adds epoch time to the filename. All the date modifiers from the
+C library should be supported. See the man page for ``strftime`` for all supported
+modifiers.
+
  Rotate log file
  ~~~~~~~~~~~~~~~
author	Mats Klepsland <mats.klepsland@gmail.com>
	Tue, 14 Feb 2017 09:59:41 +0000 (10:59 +0100)
committer	Victor Julien <victor@inliniac.net>
	Thu, 6 Apr 2017 14:19:45 +0000 (16:19 +0200)