Set timezone (UTC) in events

[psuhaj]

Hello. I wanted to ask if there is any way to configure evebox to display UTC time and not local time. For example I set UTC time on capture machine where suricata runs, the eve.json file contains timestamps in UTC but if I connect to evebox remotely then in the events local time is displayed. The original timestamp of suricata event is displayed in the event details. For example suricata logs in UTC+0(that is what I want to display in evebox too), my machine has UTC+1 then the events have timestamp in UTC+1. I want the displayed time to be the same as the time in suricata events. Thank you.

[jasonish]

Internally EveBox works on UTC, however, its the display logic in the JavaScript that unconditinally converts it to local time. I'll look into a client-side setting to change this. For simplicity, I'll probably just allow the user to choose local time or UTC.

[psuhaj]

Yes I noticed that for example when EveBox creates indices hourly then the hour in the index name is in UTC but the display time is local time. A simple option in the GUI would be nice. Thank you.