Hello all:
Is there a way to use the Unix timestamp without any msec in log files? At the moment, msec is included in the timestamp.
Thanks
Hm, good question. I don't think there is going to be a "good" way to do it. If you *really* want to do it you could modify the ascii formatter to make it reduce the decimal points off the end of the value. There may be side effects if you do this though, I really haven't thought through it much. Here's the line that renders that field...
https://github.com/zeek/zeek/blob/master/src/threading/formatters/Ascii.cc#L118
.Seth