Adding a human-readable timestamp field.

Hello
I try to add human-readable timestamp field to capture_loss.log and stats.log

for stats.log
event Stats::log_http(rec: Stats::Info)
{ …

}

this did not work

and for the capture_loss there was no rec event to trigger.

is there another event I can use?

My guess is the suggestion would be to derive the human readable time from epoch time in the log already. Unless you have your reasons of course.
See “cf” in the list on this page:
http://bro.org/community/software.html
ftp://ee.lbl.gov/cf.tar.gz

Original epoch time in log

$ grep -v “^#” capture_loss.log | head -n 4
1376652216.898400 900.001180 worker-4 0 328165 0.000%
1376652223.161080 900.095410 worker-5 0 340367 0.000%
1376652224.511310 900.052610 worker-7 0 372860 0.000%
1376652224.377070 900.109850 worker-9 0 294452 0.000%

Epoch time converted to human readable time using CF

$ grep -v “^#” capture_loss.log | head -n 4 | /usr/local/bin/cf
Aug 16 11:23:36 900.001180 worker-4 0 328165 0.000%
Aug 16 11:23:43 900.095410 worker-5 0 340367 0.000%
Aug 16 11:23:44 900.052610 worker-7 0 372860 0.000%
Aug 16 11:23:44 900.109850 worker-9 0 294452 0.000%

-kb