From: Mats Klepsland Date: Tue, 14 Feb 2017 09:59:41 +0000 (+0100) Subject: doc: add documentation for date modifiers in eve-log X-Git-Tag: suricata-4.0.0-beta1~222 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b9f84bff2d8bd95030e8d2d4a586a3cd3d2c649;p=thirdparty%2Fsuricata.git doc: add documentation for date modifiers in eve-log --- diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst index 97ede6d941..6027947020 100644 --- a/doc/userguide/output/eve/eve-json-output.rst +++ b/doc/userguide/output/eve/eve-json-output.rst @@ -203,6 +203,21 @@ enabled, then the log gets more verbose. By using ``custom`` it is possible to select which TLS fields to log. +Date modifiers in filename +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +It is possible to use date modifiers in the eve-log filename. + +:: + + outputs: + - eve-log: + filename: eve-%s.json + +The example above adds epoch time to the filename. All the date modifiers from the +C library should be supported. See the man page for ``strftime`` for all supported +modifiers. + Rotate log file ~~~~~~~~~~~~~~~
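Review bot: In the paragraph added after the example, "All the date modifiers from the C library should be supported" is hedged, so the reader cannot tell what is actually guaranteed. The example's `%s` is also a glibc/BSD extension rather than an ISO C `strftime` conversion, which makes it the least portable modifier to lead with. Suggest showing a standard form such as `filename: eve-%Y-%m-%d.json`, and stating which clock is used (local time or UTC) and when the name is expanded (once at startup, or again on each rotation), since the "Rotate log file" section follows directly and readers will combine the two. It is also worth a sentence noting that anything tailing or shipping the EVE file needs a glob instead of a fixed path once the filename varies.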