I'm capturing traffic with tshark into a CSV file using "-T fields", but whatever I try I can't get a nice ISO date or even changing the timezone to UTC.
The command I'm using is
tshark.exe -i 2 -c 1 -T fields -e frame.time
This gives me
Capturing on 'Realtek PCIe FE Family Controller'
May 20, 2016 13:46:03.565211000 Hora oficial do Brasil
I've tried adding
- -o column.format:"Time,%Yut"
- -t ad
- -t ud
Not even "-t d" and "-t r" will change the format.
I'm running tshark in a Windows box with the OS installed in Portuguese (pt-BR) and even if I change the date language between English and Portuguese all I get is this strange mix of languages between the date and the timezone.
It seems that tshark under Windows ignores all the options to format dates.
I don't really need to have an ISO date, but I need one that can be parsed with the date{} filter in logstash. It could almost parse the one I'm getting, but it can't handle the "Hora oficial do Brasil" and I can't shake it off the time.frame text.
Update: I've found that on Ubuntu also the "-t" parameter has no effect. There, tshark prints the date/time part using the same format as in Windows, but it never prints a timezone name/offset/id. Even if it is a bug, the Unix behaviour would fix my problem...
